Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
hoaiuy.msi

Overview

General Information

Sample name:hoaiuy.msi
Analysis ID:1582340
MD5:251eff52580900a708bc33aa5ac20707
SHA1:ff2848350a329b3fd9d460e40d898962899e5b4d
SHA256:0713f3f1c34297d9689ff5b5202c2f37e385109ce493005eb1128ec180d03afd
Tags:knkbkk212msiuser-JAMESWT_MHT
Infos:

Detection

XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 5852 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\hoaiuy.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 1720 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • MSI305F.tmp (PID: 2816 cmdline: "C:\Windows\Installer\MSI305F.tmp" MD5: 6AE1479D38C7CB94C69B68D6F8678129)
      • Synaptics.exe (PID: 7120 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
        • WerFault.exe (PID: 8096 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4052 MD5: C31336C1EFC2CCB44B4326EA793040F2)
        • WerFault.exe (PID: 8112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4080 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 3172 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • Synaptics.exe (PID: 7572 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • cleanup

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
hoaiuy.msiJoeSecurity_XRedYara detected XRedJoe Security
    hoaiuy.msiJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\Documents\CZQKSDDMWR\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
        C:\Users\user\Documents\CZQKSDDMWR\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\ProgramData\Synaptics\RCX38AB.tmpJoeSecurity_XRedYara detected XRedJoe Security
            C:\ProgramData\Synaptics\RCX38AB.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              C:\Windows\Installer\6b2d8f.msiJoeSecurity_XRedYara detected XRedJoe Security
                Click to see the 7 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                  00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    Process Memory Space: MSI305F.tmp PID: 2816JoeSecurity_XRedYara detected XRedJoe Security

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      7.0.MSI305F.tmp.400000.0.unpackJoeSecurity_XRedYara detected XRedJoe Security
                        7.0.MSI305F.tmp.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Installer\MSI305F.tmp, ProcessId: 2816, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                          Sigma detected: Office Macro File Creation
                          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7120, TargetFilename: C:\Users\user~1\AppData\Local\Temp\RapmmPw9.xlsm

                          Suricata Signatures

                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-30T11:34:02.304724+010020448871A Network Trojan was detected192.168.2.749714142.250.186.110443TCP
                          2024-12-30T11:34:02.314331+010020448871A Network Trojan was detected192.168.2.749715142.250.186.110443TCP
                          2024-12-30T11:34:03.270924+010020448871A Network Trojan was detected192.168.2.749728142.250.186.110443TCP
                          2024-12-30T11:34:03.296124+010020448871A Network Trojan was detected192.168.2.749731142.250.186.110443TCP
                          2024-12-30T11:34:05.282927+010020448871A Network Trojan was detected192.168.2.749742142.250.186.110443TCP
                          2024-12-30T11:34:05.300123+010020448871A Network Trojan was detected192.168.2.749743142.250.186.110443TCP
                          2024-12-30T11:34:06.251239+010020448871A Network Trojan was detected192.168.2.749754142.250.186.110443TCP
                          2024-12-30T11:34:06.277349+010020448871A Network Trojan was detected192.168.2.749755142.250.186.110443TCP
                          2024-12-30T11:34:07.255213+010020448871A Network Trojan was detected192.168.2.749770142.250.186.110443TCP
                          2024-12-30T11:34:07.291572+010020448871A Network Trojan was detected192.168.2.749771142.250.186.110443TCP
                          2024-12-30T11:34:08.312572+010020448871A Network Trojan was detected192.168.2.749778142.250.186.110443TCP
                          2024-12-30T11:34:08.312677+010020448871A Network Trojan was detected192.168.2.749777142.250.186.110443TCP
                          2024-12-30T11:34:09.280685+010020448871A Network Trojan was detected192.168.2.749791142.250.186.110443TCP
                          2024-12-30T11:34:09.284700+010020448871A Network Trojan was detected192.168.2.749792142.250.186.110443TCP
                          2024-12-30T11:34:10.264620+010020448871A Network Trojan was detected192.168.2.749800142.250.186.110443TCP
                          2024-12-30T11:34:10.332750+010020448871A Network Trojan was detected192.168.2.749803142.250.186.110443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-30T11:34:03.154406+010028326171Malware Command and Control Activity Detected192.168.2.74972269.42.215.25280TCP

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus detection for URL or domain
                          Source: http://xred.site50.net/syn/SUpdate.ini0Avira URL Cloud: Label: malware
                          Source: http://xred.site50.net/syn/Synaptics.rarhAvira URL Cloud: Label: malware
                          Source: http://xred.site50.net/syn/SSLLibrary.dlDAvira URL Cloud: Label: malware
                          Antivirus detection for dropped file
                          Source: C:\ProgramData\Synaptics\RCX38AB.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\RCX38AB.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\Windows\Installer\MSI305F.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\Windows\Installer\MSI305F.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Found malware configuration
                          Source: hoaiuy.msiMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                          Multi AV Scanner detection for dropped file
                          Source: C:\ProgramData\Synaptics\RCX38AB.tmpReversingLabs: Detection: 91%
                          Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1ReversingLabs: Detection: 91%
                          Source: C:\Windows\Installer\MSI305F.tmpReversingLabs: Detection: 92%
                          Source: C:\Windows\SysWOW64\._cache_MSI305F.tmpReversingLabs: Detection: 55%
                          Multi AV Scanner detection for submitted file
                          Source: hoaiuy.msiReversingLabs: Detection: 65%
                          Source: hoaiuy.msiVirustotal: Detection: 72%Perma Link
                          AI detected suspicious sample
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 97.0% probability
                          Machine Learning detection for dropped file
                          Source: C:\Windows\SysWOW64\._cache_MSI305F.tmpJoe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\RCX38AB.tmpJoe Sandbox ML: detected
                          Source: C:\Windows\Installer\MSI305F.tmpJoe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Joe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49714 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49715 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49729 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49754 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49755 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49770 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49771 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49801 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49802 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49800 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49803 version: TLS 1.2
                          Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeFile opened: c:Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
                          Source: MSI305F.tmp, 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: MSI305F.tmp, 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: MSI305F.tmp, 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                          Source: hoaiuy.msiBinary or memory string: [autorun]
                          Source: hoaiuy.msiBinary or memory string: [autorun]
                          Source: hoaiuy.msiBinary or memory string: autorun.inf
                          Source: RCX38AB.tmp.7.drBinary or memory string: [autorun]
                          Source: RCX38AB.tmp.7.drBinary or memory string: [autorun]
                          Source: RCX38AB.tmp.7.drBinary or memory string: autorun.inf
                          Source: MSI305F.tmp.2.drBinary or memory string: [autorun]
                          Source: MSI305F.tmp.2.drBinary or memory string: [autorun]
                          Source: MSI305F.tmp.2.drBinary or memory string: autorun.inf
                          Source: Synaptics.exe.7.drBinary or memory string: [autorun]
                          Source: Synaptics.exe.7.drBinary or memory string: [autorun]
                          Source: Synaptics.exe.7.drBinary or memory string: autorun.inf
                          Source: ~$cache1.9.drBinary or memory string: [autorun]
                          Source: ~$cache1.9.drBinary or memory string: [autorun]
                          Source: ~$cache1.9.drBinary or memory string: autorun.inf
                          Source: 6b2d8f.msi.2.drBinary or memory string: [autorun]
                          Source: 6b2d8f.msi.2.drBinary or memory string: [autorun]
                          Source: 6b2d8f.msi.2.drBinary or memory string: autorun.inf
                          Source: MSI2F16.tmp.2.drBinary or memory string: [autorun]
                          Source: MSI2F16.tmp.2.drBinary or memory string: [autorun]
                          Source: MSI2F16.tmp.2.drBinary or memory string: autorun.inf
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\userJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                          Source: excel.exeMemory has grown: Private usage: 1MB later: 68MB

                          Networking

                          barindex
                          Suricata IDS alerts for network traffic
                          Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.7:49722 -> 69.42.215.252:80
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49715 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49714 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49743 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49731 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49754 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49771 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49755 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49770 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49778 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49800 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49791 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49792 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49803 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49777 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49728 -> 142.250.186.110:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49742 -> 142.250.186.110:443
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: xred.mooo.com
                          Uses dynamic DNS services
                          Source: unknownDNS query: name: freedns.afraid.org
                          Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                          Source: global trafficDNS traffic detected: DNS query: docs.google.com
                          Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                          Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                          Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5OYZsxUUmhhCcVeF2R-HvYF9sMGhJTk2AFUUgrzIKWlAfgy40TiCCDHnE3cuCcoyfpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:03 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-e5Hxq8mn8WJ6xt-ax5uJ0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=JblG2P3oDL03N4yzQwrFCO6k8b2Iz7JnusK-p3nqRfgfkzBiATbBqrs1Ex2TPSdGclyejFtBRngYdhVptvu0sf0IdIwu4XCzMWzlZsZQDHGM0lph6Mol-f5pDF2Vxu-BF_b1UjOnyL4qoR92CTkEE9RAowFIB5u8Op0nrNRNaGkj3ZRQ1gRMnS0; expires=Tue, 01-Jul-2025 10:34:03 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7rL9iz_NbFvmt1wgpTdxU95TyXrWITsz5S45l0iMzMR8aZlDQ6xLs7LuSqs_YBGusNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:03 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-XO2vpFTThq1lAQFMaUsYGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM; expires=Tue, 01-Jul-2025 10:34:03 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7RAAw0mlLzPqc6Pp9a5seYr0j7gKHT-s5sthqDvB-I8MNERA4FmdWR9AMZWLLx_0xJContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:05 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nw4gizUxbOyiEZzPuaX0iQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6UmuDTxPNtGPD0ZeINl2bS5gwElLcAvzsoefDT8ZDgucbt252nq-Zj9KlnTlDz6_JvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:05 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-WDeeuwiJfwZ2XJAtEf6CDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC63bX1kwI6XAu3dcomZSsixQgvRDxxY9qQICByif2oWk679tZo29ZcYfnFosXHDMxP5ZV5nOTUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:06 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DY0Q0wl0uCXvgCf-pFSAMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6XyaAZqxT60dvOc6DWGz93lM3lYOat_PsWV4ASE5jT9lNJVaZj3tfJ3IqjwajV1bhpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:06 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DnVPaQCmtrBi9MTbxBcDVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC52bjcwT55uh_hd1CO7bBJb04UeQyE9wXOGKXHnjuA7_mh58U8bnl8Z41DtbwXr5H3uBLGXrlcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:07 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ExTdA9Q5ahMn1bDHaMUNEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Twsg3DK3LFQgWw4OOOeC_pmFgX7VMmiaAST2-UKwkySrIXiODlkXfZuZr_iHHZAZwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:07 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-rMCgTBd9sMWSW24zyMg0mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6wDPId7diy6EKGzgiVb3DjO_YnoOlpaHKxLZkp222F3RHKLbsiERUCKWtMuS35VJeeContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:10 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-QeKnXK2-gM3Nd6TcYK64KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5HAZ5612s1TTwJ2ZNPKySR1E-A5cBwTOrO0yjW1agva19ifbK4l0dS6I2C-7tKu_j2D9YcDUUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:34:10 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-fkbuH5UabYG-N_cS5LUhdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: MSI2F16.tmp.2.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978x
                          Source: Amcache.hve.21.drString found in binary or memory: http://upx.sf.net
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlD
                          Source: MSI2F16.tmp.2.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                          Source: MSI2F16.tmp.2.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini0
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                          Source: MSI2F16.tmp.2.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarh
                          Source: Synaptics.exe, 00000009.00000003.1390001193.000000000058E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                          Source: Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/-Model
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/4w
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/6
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/GfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000009.00000003.1390001193.000000000058E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/d
                          Source: Synaptics.exe, 00000009.00000002.1559825677.000000000888E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$x
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%o
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&;:
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.co
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com0
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0=Jb
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0IdI
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1;A
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2N
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                          Source: Synaptics.exe, 00000009.00000003.1390001193.00000000005A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3X
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8x
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;o~
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAlt-
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBi
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCP=
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGe
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGetW
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLx
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                          Source: Synaptics.exe, 00000009.00000002.1556699643.0000000005C2E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557467373.00000000069EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1554455368.00000000041AD000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1558885582.00000000075BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1556632365.0000000005AEE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1556962729.000000000612E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557219629.00000000064EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557034497.000000000626E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557881033.000000000727E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557763774.0000000006FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557709139.0000000006EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557591959.0000000006C2E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557120025.00000000063AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1556553780.00000000059AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1556763533.0000000005D6E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557359507.000000000676E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557827361.000000000713E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                          Source: Synaptics.exe, 00000009.00000002.1559011640.000000000783E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1558937163.00000000076FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1556832336.0000000005EAE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN##
                          Source: Synaptics.exe, 00000009.00000002.1554809259.00000000045AE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN88
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRegCR;ne
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSee8
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTu
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUpdas;
                          Source: Synaptics.exe, 00000009.00000003.1390001193.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXz
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZRQ1g
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadache
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadalSe.8B
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000009.00000003.1390001193.00000000005BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.neA
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                          Source: Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddL
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadds.com
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade-inl
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeFilh;xW
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeFor
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadecaptF
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeport
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgo
                          Source: Synaptics.exe, 00000009.00000003.1390001193.00000000005BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoogl
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhtml
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhu:
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadinfo.
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                          Source: Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkColp8
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl-ve
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle.co
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.1390001193.00000000005BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeZon
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmerce.comL
                          Source: Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmp
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                          Source: Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.neA
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadname(
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnclz
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnhMe
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnten
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoW64
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadody
                          Source: Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadort=d
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007337000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrigin
                          Source: Synaptics.exe, 00000009.00000003.1390001193.00000000005BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrsion
                          Source: Synaptics.exe, 00000009.00000002.1556284784.000000000548C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstemP
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtors
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtx6
                          Source: Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                          Source: Synaptics.exe, 00000009.00000002.1557906775.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw$
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000055A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1557906775.000000000732A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadza
                          Source: Synaptics.exe, 00000009.00000002.1557906775.0000000007370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVOhC
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                          Source: Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3gM
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3gM5t#
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3gMZvL
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgtQ
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                          Source: MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlX
                          Source: MSI2F16.tmp.2.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                          Source: Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49714 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49715 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49729 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49754 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49755 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49770 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49771 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49801 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.7:49802 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49800 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.7:49803 version: TLS 1.2

                          System Summary

                          barindex
                          Document contains an embedded VBA macro with suspicious strings
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Document contains an embedded VBA with functions possibly related to ADO stream file operations
                          Source: RapmmPw9.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: GLTYDMDUST.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Document contains an embedded VBA with functions possibly related to HTTP operations
                          Source: RapmmPw9.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: GLTYDMDUST.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                          Source: RapmmPw9.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: GLTYDMDUST.xlsm.9.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6b2d8f.msiJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{29EF7317-DCA1-4159-97B2-C883AD400AC6}Jump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2F16.tmpJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI305F.tmpJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\Windows\SysWOW64\._cache_MSI305F.tmpJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI305F.tmpJump to behavior
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: RapmmPw9.xlsm.9.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: GLTYDMDUST.xlsm.9.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCX38AB.tmp 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\Documents\CZQKSDDMWR\~$cache1 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4052
                          Source: MSI305F.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                          Source: MSI305F.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                          Source: Synaptics.exe.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCX38AB.tmp.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: ~$cache1.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: hoaiuy.msiBinary or memory string: OriginalFileName vs hoaiuy.msi
                          Source: hoaiuy.msiBinary or memory string: OriginalFilenameb! vs hoaiuy.msi
                          Source: classification engineClassification label: mal100.troj.expl.evad.winMSI@10/42@5/3
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CML303F.tmpJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7120
                          Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DFBB54040F23AB3210.TMPJump to behavior
                          Source: Yara matchFile source: hoaiuy.msi, type: SAMPLE
                          Source: Yara matchFile source: 7.0.MSI305F.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX38AB.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\6b2d8f.msi, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI2F16.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI305F.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: C:\Windows\Installer\MSI305F.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: hoaiuy.msiReversingLabs: Detection: 65%
                          Source: hoaiuy.msiVirustotal: Detection: 72%
                          Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\hoaiuy.msi"
                          Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI305F.tmp "C:\Windows\Installer\MSI305F.tmp"
                          Source: C:\Windows\Installer\MSI305F.tmpProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4052
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4080
                          Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI305F.tmp "C:\Windows\Installer\MSI305F.tmp"Jump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: wsock32.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: netapi32.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: textshaping.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: twext.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: appresolver.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: slc.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: sppc.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: cscapi.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: twinapi.appcore.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: twext.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: policymanager.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: cscapi.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: starttiledata.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: acppage.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: msi.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: aepic.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: edputil.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\2I3i3hy.iniJump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                          Source: hoaiuy.msiStatic file information: File size 1740800 > 1048576
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                          Source: initial sampleStatic PE information: section name: UPX0
                          Source: initial sampleStatic PE information: section name: UPX1

                          Persistence and Installation Behavior

                          barindex
                          Drops PE files to the document folder of the user
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Drops executables to the windows directory (C:\Windows) and starts them
                          Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI305F.tmpJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\Windows\SysWOW64\._cache_MSI305F.tmpJump to dropped file
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI305F.tmpJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\ProgramData\Synaptics\RCX38AB.tmpJump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\ProgramData\Synaptics\RCX38AB.tmpJump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpFile created: C:\Windows\SysWOW64\._cache_MSI305F.tmpJump to dropped file
                          Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI305F.tmpJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                          Source: C:\Windows\Installer\MSI305F.tmpRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\._cache_MSI305F.tmpJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7380Thread sleep time: -780000s >= -30000sJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8064Thread sleep time: -60000s >= -30000sJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\userJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                          Source: Amcache.hve.21.drBinary or memory string: VMware
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.21.drBinary or memory string: VMware, Inc.
                          Source: Amcache.hve.21.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.21.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.21.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000009.00000002.1553197288.000000000056E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.21.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPW%SystemRoot%\system32\mswsock.dlls
                          Source: Amcache.hve.21.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.21.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.21.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.21.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.21.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.21.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.21.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: Amcache.hve.21.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.21.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.21.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.21.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.21.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.21.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.21.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                          Source: Amcache.hve.21.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPortJump to behavior
                          Source: C:\Windows\Installer\MSI305F.tmpProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: Amcache.hve.21.drBinary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: hoaiuy.msi, type: SAMPLE
                          Source: Yara matchFile source: 7.0.MSI305F.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: MSI305F.tmp PID: 2816, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX38AB.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\6b2d8f.msi, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI2F16.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI305F.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                          Remote Access Functionality

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: hoaiuy.msi, type: SAMPLE
                          Source: Yara matchFile source: 7.0.MSI305F.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: MSI305F.tmp PID: 2816, type: MEMORYSTR
                          Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX38AB.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\6b2d8f.msi, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI2F16.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Windows\Installer\MSI305F.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information41
                          Scripting                          		2
                          Replication Through Removable Media                          		Windows Management Instrumentation41
                          Scripting                          		11
                          Process Injection                          		132
                          Masquerading                          		OS Credential Dumping1
                          Query Registry                          		Remote ServicesData from Local System1
                          Encrypted Channel                          		Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault AccountsScheduled Task/Job1
                          Registry Run Keys / Startup Folder                          		1
                          Registry Run Keys / Startup Folder                          		21
                          Virtualization/Sandbox Evasion                          		LSASS Memory121
                          Security Software Discovery                          		Remote Desktop ProtocolData from Removable Media3
                          Ingress Tool Transfer                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain AccountsAt1
                          DLL Side-Loading                          		1
                          DLL Side-Loading                          		11
                          Process Injection                          		Security Account Manager1
                          Process Discovery                          		SMB/Windows Admin SharesData from Network Shared Drive3
                          Non-Application Layer Protocol                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                          Extra Window Memory Injection                          		1
                          Obfuscated Files or Information                          		NTDS21
                          Virtualization/Sandbox Evasion                          		Distributed Component Object ModelInput Capture34
                          Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                          Software Packing                          		LSA Secrets11
                          Peripheral Device Discovery                          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          DLL Side-Loading                          		Cached Domain Credentials3
                          File and Directory Discovery                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                          File Deletion                          		DCSync13
                          System Information Discovery                          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                          Extra Window Memory Injection                          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582340 Sample: hoaiuy.msi Startdate: 30/12/2024 Architecture: WINDOWS Score: 100 46 freedns.afraid.org 2->46 48 xred.mooo.com 2->48 50 4 other IPs or domains 2->50 58 Suricata IDS alerts for network traffic 2->58 60 Found malware configuration 2->60 62 Antivirus detection for URL or domain 2->62 66 11 other signatures 2->66 9 msiexec.exe 8 33 2->9         started        13 EXCEL.EXE 228 66 2->13         started        15 Synaptics.exe 2->15         started        17 msiexec.exe 2 2->17         started        signatures3 64 Uses dynamic DNS services 46->64 process4 file5 40 C:\Windows\Installer\MSI305F.tmp, PE32 9->40 dropped 42 C:\Windows\Installer\MSI2F16.tmp, data 9->42 dropped 44 C:\Windows\Installer\6b2d8f.msi, Composite 9->44 dropped 82 Drops executables to the windows directory (C:\Windows) and starts them 9->82 19 MSI305F.tmp 1 5 9->19         started        signatures6 process7 file8 32 C:\Windows\SysWOW64\._cache_MSI305F.tmp, PE32 19->32 dropped 34 C:\ProgramData\Synaptics\Synaptics.exe, PE32 19->34 dropped 36 C:\ProgramData\Synaptics\RCX38AB.tmp, PE32 19->36 dropped 68 Antivirus detection for dropped file 19->68 70 Multi AV Scanner detection for dropped file 19->70 72 Machine Learning detection for dropped file 19->72 23 Synaptics.exe 30 19->23         started        signatures9 process10 dnsIp11 52 docs.google.com 142.250.186.110, 443, 49714, 49715 GOOGLEUS United States 23->52 54 drive.usercontent.google.com 216.58.206.65, 443, 49729, 49730 GOOGLEUS United States 23->54 56 freedns.afraid.org 69.42.215.252, 49722, 80 AWKNET-LLCUS United States 23->56 38 C:\Users\user\Documents\CZQKSDDMWR\~$cache1, PE32 23->38 dropped 74 Antivirus detection for dropped file 23->74 76 Multi AV Scanner detection for dropped file 23->76 78 Drops PE files to the document folder of the user 23->78 80 Machine Learning detection for dropped file 23->80 28 WerFault.exe 21 16 23->28         started        30 WerFault.exe 2 23->30         started        file12 signatures13 process14

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          hoaiuy.msi66%ReversingLabsWin32.Trojan.Synaptics
                          hoaiuy.msi72%VirustotalBrowse

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\ProgramData\Synaptics\RCX38AB.tmp100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\RCX38AB.tmp100%AviraW2000M/Dldr.Agent.17651006
                          C:\Windows\Installer\MSI305F.tmp100%AviraTR/Dldr.Agent.SH
                          C:\Windows\Installer\MSI305F.tmp100%AviraW2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%AviraTR/Dldr.Agent.SH
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                          C:\Windows\SysWOW64\._cache_MSI305F.tmp100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\RCX38AB.tmp100%Joe Sandbox ML
                          C:\Windows\Installer\MSI305F.tmp100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache1100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\RCX38AB.tmp92%ReversingLabsWin32.Worm.Zorex
                          C:\ProgramData\Synaptics\Synaptics.exe92%ReversingLabsWin32.Trojan.Synaptics
                          C:\Users\user\Documents\CZQKSDDMWR\~$cache192%ReversingLabsWin32.Worm.Zorex
                          C:\Windows\Installer\MSI305F.tmp92%ReversingLabsWin32.Trojan.Synaptics
                          C:\Windows\SysWOW64\._cache_MSI305F.tmp55%ReversingLabsWin32.Trojan.Lisk

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          SourceDetectionScannerLabelLink
                          http://xred.site50.net/syn/SUpdate.ini0100%Avira URL Cloudmalware
                          http://xred.site50.net/syn/Synaptics.rarh100%Avira URL Cloudmalware
                          http://xred.site50.net/syn/SSLLibrary.dlD100%Avira URL Cloudmalware

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          freedns.afraid.org
                          		69.42.215.252
                          		truefalse
                            		high
                            docs.google.com
                            		142.250.186.110
                            		truefalse
                              		high
                              s-part-0017.t-0009.t-msedge.net
                              		13.107.246.45
                              		truefalse
                                		high
                                drive.usercontent.google.com
                                		216.58.206.65
                                		truefalse
                                  		high
                                  xred.mooo.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    xred.mooo.comfalse
                                      		high
                                      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          http://xred.site50.net/syn/SUpdate.ini0MSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1MSI2F16.tmp.2.drfalse
                                              		high
                                              https://docs.google.com/6Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://docs.google.com/4wSynaptics.exe, 00000009.00000002.1555549023.0000000005430000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVOhCSynaptics.exe, 00000009.00000002.1557906775.0000000007370000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://drive.usercontent.google.com/Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://upx.sf.netAmcache.hve.21.drfalse
                                                          		high
                                                          http://xred.site50.net/syn/Synaptics.rarMSI2F16.tmp.2.drfalse
                                                            		high
                                                            http://xred.site50.net/syn/Synaptics.rarhMSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://docs.google.com/dSynaptics.exe, 00000009.00000003.1390001193.000000000058E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://docs.google.com/Synaptics.exe, 00000009.00000003.1390001193.000000000058E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1555549023.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.1553197288.0000000000519000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlXMSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://xred.site50.net/syn/SSLLibrary.dlDMSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1MSI2F16.tmp.2.drfalse
                                                                        		high
                                                                        https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1MSI2F16.tmp.2.drfalse
                                                                          		high
                                                                          http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://xred.site50.net/syn/SUpdate.iniMSI2F16.tmp.2.drfalse
                                                                              		high
                                                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000009.00000002.1554033809.0000000002180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://docs.google.com/uc?id=0;Synaptics.exe, 00000009.00000002.1559825677.000000000888E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978xMSI305F.tmp, 00000007.00000003.1292540501.0000000002200000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://docs.google.com/-ModelSynaptics.exe, 00000009.00000002.1553197288.00000000005A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://xred.site50.net/syn/SSLLibrary.dllMSI2F16.tmp.2.drfalse
                                                                                        		high

                                                                                        World Map of Contacted IPs

                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs

                                                                                        Public IPs

                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                        142.250.186.110
                                                                                        		docs.google.comUnited States
                                                                                        		15169GOOGLEUSfalse
                                                                                        216.58.206.65
                                                                                        		drive.usercontent.google.comUnited States
                                                                                        		15169GOOGLEUSfalse
                                                                                        69.42.215.252
                                                                                        		freedns.afraid.orgUnited States
                                                                                        		17048AWKNET-LLCUSfalse

                                                                                        General Information

                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1582340
                                                                                        Start date and time:2024-12-30 11:32:55 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 5m 49s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Run name:Without Instrumentation
                                                                                        Number of analysed new started processes analysed:27
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:hoaiuy.msi
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.expl.evad.winMSI@10/42@5/3
                                                                                        EGA Information:Failed
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        • Number of executed functions: 0
                                                                                        • Number of non-executed functions: 0
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .msi
                                                                                        • Close Viewer

                                                                                        Warnings

                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 184.28.90.27, 2.18.97.153, 104.208.16.90, 20.42.65.92, 13.107.246.45, 20.190.159.71, 4.175.87.197
                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, onedscolprdcus14.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, s-0005.s-msedge.net, config.officeapps.live.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.con
                                                                                        • Execution Graph export aborted for target Synaptics.exe, PID 7120 because there are no executed function
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                        Simulations

                                                                                        Behavior and APIs

                                                                                        TimeTypeDescription
                                                                                        05:33:59API Interceptor83x Sleep call for process: Synaptics.exe modified
                                                                                        07:29:16API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                        11:33:53AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe

                                                                                        Joe Sandbox View / Context

                                                                                        IPs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        69.42.215.252LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                        blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                                        Domains

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        s-part-0017.t-0009.t-msedge.netKOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 13.107.246.45
                                                                                        Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                        • 13.107.246.45
                                                                                        universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        https://N0.kolivane.ru/da4scmQ/#Memily.gamble@amd.comGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        installer64v9.5.7.msiGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                        • 13.107.246.45
                                                                                        017069451a4dbc523a1165a2f1bd361a762bb40856778.exeGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        http://nemoinsure.comGet hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.45
                                                                                        freedns.afraid.orgLWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                        • 69.42.215.252
                                                                                        AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                        • 69.42.215.252

                                                                                        ASNs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        AWKNET-LLCUSLWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                        • 69.42.215.252
                                                                                        AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 69.42.215.252
                                                                                        blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                        • 69.42.215.252

                                                                                        JA3 Fingerprints

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        37f463bf4616ecd445d4a1937da06e19LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        JPS.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        AYRASY.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        zhuzhu.exeGet hashmaliciousGhostRat, XRedBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65
                                                                                        setup.msiGet hashmaliciousUnknownBrowse
                                                                                        • 142.250.186.110
                                                                                        • 216.58.206.65

                                                                                        Dropped Files

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        C:\Users\user\Documents\CZQKSDDMWR\~$cache1Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                          222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                            C:\ProgramData\Synaptics\RCX38AB.tmpMachine-PO.exeGet hashmaliciousXRedBrowse
                                                                                              222.exeGet hashmaliciousLodaRAT, XRedBrowse

                                                                                                Created / dropped Files

                                                                                                C:\Config.Msi\6b2d91.rbs

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:modified
                                                                                                Size (bytes):623
                                                                                                Entropy (8bit):5.29154229597798
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:EgMg8mmIdFoll1S/cqj//pFvfN2zWotHMphe2WmmY3HDyzgj8Q:UgTMl1SkqjM65ptyzAL
                                                                                                MD5:BB02DF3A0DFDFC4FF590FF742F790B67
                                                                                                SHA1:BC04477E24A02EAC3821D296132AF5F9D246AD5F
                                                                                                SHA-256:D71E991E4108CF8A6BCFEBB117BA86BAF55104CC921A32612E4B8E3D818F6BF3
                                                                                                SHA-512:748382AE82584B7E20DF7BE6FDB04E7695CBAD11CF68EDA89539E8A5A6E91250BAD602A88B70D1D9D463473411344DBDEF4FAEB4199167B22963E3CAD6610EBB
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:...@IXOS.@.....@:,.Y.@.....@.....@.....@.....@.....@......&.{29EF7317-DCA1-4159-97B2-C883AD400AC6}..Exe to msi converter free..hoaiuy.msi.@.....@.....@.....@........&.{C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}.....@.....@.....@.....@.......@.....@.....@.......@......Exe to msi converter free......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4C231858-2B39-11D3-8E0D-00C04F6837D0}&.{29EF7317-DCA1-4159-97B2-C883AD400AC6}.@........RemoveODBC..Removing ODBC components..%._B3D13F97_1369_417D_A477_B4C42B829328...@.....@.....@....

                                                                                                C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):118
                                                                                                Entropy (8bit):3.5700810731231707
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                MD5:573220372DA4ED487441611079B623CD
                                                                                                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                Malicious:false
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_56f1e7e6dd49e686cdf4ffd820ded92baa13c65_455b7b6e_281cb026-e903-4af0-81e1-56cd4c53c980\Report.wer

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):65536
                                                                                                Entropy (8bit):1.1337513533985546
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:qt56jVpssIm102k6PRDzJDzqjtgA/FczxwzuiF1Z24IO8EKDzy:2Cyss2k6PRJqjcKzuiF1Y4IO8zy
                                                                                                MD5:7575EFB01BF919409522843E180BAFAA
                                                                                                SHA1:8F939871725A8A4D4695A546A8AE275C4ED9CAEE
                                                                                                SHA-256:CE1340473FFB5C22B8B6ED0D994F5ECABA566FA72A1BE27FD4ED28CE5F3ED13E
                                                                                                SHA-512:03AD0074B5A223D23BA017238B74E6298F2732C144C07ABAB6FC9AF5863CF437D3E8D5D1203CF9B9298673A5A06C1446E945E4D8D36F5BC52885670AC74DF3A7
                                                                                                Malicious:false
                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.8.4.4.9.0.5.0.1.1.5.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.8.4.5.2.9.7.1.9.8.1.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.8.1.c.b.0.2.6.-.e.9.0.3.-.4.a.f.0.-.8.1.e.1.-.5.6.c.d.4.c.5.3.c.9.8.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.3.a.c.6.7.4.f.-.b.b.d.0.-.4.3.2.f.-.b.2.3.5.-.3.8.3.5.f.d.7.a.7.5.5.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.d.0.-.0.0.0.1.-.0.0.1.4.-.8.e.b.8.-.0.b.5.2.a.6.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A86.tmp.dmp

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:34:09 2024, 0x1205a4 type
                                                                                                Category:dropped
                                                                                                Size (bytes):1877988
                                                                                                Entropy (8bit):1.8764638524545219
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:61wpBky+s6car5k0XDWz2vWtsT7PIgEUQDN/Z7Xn8D1WBTAZOVBINdouwBKU8ADa:6CpWN1bb
                                                                                                MD5:CE536F3C7D8E90342D8ED0C2FB977091
                                                                                                SHA1:B8DF3B1472829C38B1D029E33A0F935A1D511C50
                                                                                                SHA-256:BEBDD86B29604208A0FFDE437E38122FF47D657F136BB3406024D10296634451
                                                                                                SHA-512:9AA17F687465FCC36A5D7D91185D0BBE9A4F658C9B6C6EB2B379E07C7A83092AECFA934D23A4611EF9DA233539F904A37180E1D17F743E4EAA4E25B44489B0D0
                                                                                                Malicious:false
                                                                                                Preview:MDMP..a..... .......!wrg.....................................=...M..........T.......8...........T...........H...............T8..........@:..............................................................................eJ.......:......GenuineIntel............T............wrg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER88DF.tmp.WERInternalMetadata.xml

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):6316
                                                                                                Entropy (8bit):3.7164903184170623
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:R6l7wVeJbxU6H7YiStl5QNrNprc89bzssfeKRm:R6lXJW6bYFl5Qvz/fel
                                                                                                MD5:BD94CD27C20EAEA0E2C40B31DC22C449
                                                                                                SHA1:214CF30A37ACAD7BF430088A24AD89731F8C970D
                                                                                                SHA-256:86AC0337525A0EB881E1FFF58413A0FAC66F5A4121DC9E5716C5DC768FEA6168
                                                                                                SHA-512:A9FF24F136DB69330ACF78B24B269D44A59957B833ABC8C543931022F0DF9EA4237A35F41D8E54DF803C3FE4F27D58666CA0DFE97F8A8826764EA12E36609E5D
                                                                                                Malicious:false
                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.2.0.<./.P.i.

                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER890F.tmp.xml

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):4572
                                                                                                Entropy (8bit):4.4419712194103225
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:cvIwWl8zsjJg77aI9E9VWpW8VYNvYm8M4JFLFA+q84CLc5Zgd:uIjf9I7S+7V+yJEamZgd
                                                                                                MD5:FB86E37D14340E5DB4E6B0642E9D13C0
                                                                                                SHA1:86570A6F03258ED79190535B7FFE7F9AA87EA847
                                                                                                SHA-256:D11848029DBBC50EDB76D4D78E42E3939B93100E7F7EC7907A35F596D892F4AB
                                                                                                SHA-512:C09635AE55620665E185224CE69E30A11A143B73501A43BEFCA072271765F50489E9D99FC8E7772BE5B6687DA48D91489965D11ABB5E90416872FFCA3DA62D52
                                                                                                Malicious:false
                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653856" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                C:\ProgramData\Synaptics\RCX38AB.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\Installer\MSI305F.tmp
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):771584
                                                                                                Entropy (8bit):6.638013190381294
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX38AB.tmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX38AB.tmp, Author: Joe Security
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: Machine-PO.exe, Detection: malicious, Browse
                                                                                                • Filename: 222.exe, Detection: malicious, Browse
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\Installer\MSI305F.tmp
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1716224
                                                                                                Entropy (8bit):7.459857526100218
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:cnsHyjtk2MYC5GDIhloJfAAR/sTEsiwg6gpWacS:cnsmtk2aFhlZUETE9wg5
                                                                                                MD5:6AE1479D38C7CB94C69B68D6F8678129
                                                                                                SHA1:0BE3ABAD5D5F32440715B33052CE7DF3059C5281
                                                                                                SHA-256:87E0B788C004B6A9C0796FC7D60C61F10070025440E34725D1519E6B76A99F1F
                                                                                                SHA-512:E55D621B2C49333CF980764C5D03C50D7CB9AF3742B4F7B6801240461C275988AC4E9815C9CCD8606364DE5D8EFD94C08F9DA6F6CB182955DDA3FF49A21D31E3
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Temp\2I3i3hy.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.275298610443771
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0MFSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tF+pAZewRDK4mW
                                                                                                MD5:80A7436F1BEA7BDAA9F39C24DFC7AC62
                                                                                                SHA1:5D6367CB0634B8B5351172D3C7CE0E327E64861C
                                                                                                SHA-256:60D2E5A19EDC6285F5A2C2236479BB34AD5E8933449779D48F9234C2F19B6158
                                                                                                SHA-512:D4319D7768E85D8C84082F6CA40BE7135618CDB72588443203AD53EE72B40174625772644E0F53FB34F54ED94A9951A87564C707C31B91B5F968A7D25630AF6A
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yGOWATcvRklVICWzFPbEEg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\ISfDclg.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.251975322020489
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0g9SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                MD5:E4F634228015D34192372972EF274AE0
                                                                                                SHA1:3ED91F40B1544C70E364E3CC430F820CEAD52A9A
                                                                                                SHA-256:826F6F0F5F8632020A9AA05AD24E29C8799761F397587FFF9659D218EE8C9230
                                                                                                SHA-512:31FB81307A0BA918E20985E4889B0EECB510463D3FD45A5B9FFEB1284A7E0637A7103A5D2873B097116939DADF9EA73A6EF7C9CB4AEAF3C100A37BE4A8699050
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n5TVDyEgZdPdylxgzvksRw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\MpiuBLA.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.266634756055294
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0KEdSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Vy+pAZewRDK4mW
                                                                                                MD5:04219A616939D6F6092C19A494B7E37E
                                                                                                SHA1:457B0D6534191440D7960F8CF58BC69EE7DC5E30
                                                                                                SHA-256:C531868B790525FC71AC2E065E348458E9340B9CDB50904B94FCBEBE5DE65DEA
                                                                                                SHA-512:E30C55383CA618985BD63A2866DFF68832DB4E84500192F54168C988B20DC4A82E3138D47E1EC0BA5BEBC3E7F537066F0188A47C2F26974393F3545C99733088
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="E53d3JODnBb0Wj5w0PXmnA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\Np6Bscs.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.2722499064459
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0hSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                MD5:89091F2701DB7F7CBFB480063BE7D638
                                                                                                SHA1:EF69AB5468005889AD2E644EDAB9E9599827EF81
                                                                                                SHA-256:B0E5B82E2E9E8886410D6E73C5F81BC62A34244831C5716BD6CF343C5DB3A2AE
                                                                                                SHA-512:F946AD2579C4CE5B3DC500CBF71CEC838517906C7225DC83AF9DBD9A96795DC460765B32775316531A6255D04E6DA8D482951B9C37953AB1A271662227BD1DF9
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mGbe_GFZQ38UVFSG82y7WQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\POYb9ol.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.263931629061635
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0bNsSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+gq+pAZewRDK4mW
                                                                                                MD5:4018D39DED65F0979DC4E7EEBEF4052B
                                                                                                SHA1:984695E1B7DEA066A0995BA20182F84014592544
                                                                                                SHA-256:0DB91754BBB4F95F10B857906D612968E0021D5663A24D87CE79C2088611FE80
                                                                                                SHA-512:089ABCAC398735195197E3F9FB1585F5DC919593EDE3896181D3B313CF13AD7C1190B7C20821A627D0AC2D0C7F3C4ED21D620F6893681BF402A8FBF56F9A1FBC
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UELnbu9KAmLhU4LVzId0aQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\RapmmPw9.xlsm

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:Microsoft Excel 2007+
                                                                                                Category:dropped
                                                                                                Size (bytes):18387
                                                                                                Entropy (8bit):7.523057953697544
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                Malicious:false
                                                                                                Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                C:\Users\user\AppData\Local\Temp\SsphaNP.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.256331519976556
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0wPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                                MD5:E14C1132D0BA1AD766E954D93457D216
                                                                                                SHA1:7C17D11199E1A0E0E485130304D6D1AA78698531
                                                                                                SHA-256:4E81E5269E45F6B455510AABA32B0B3CFEF78AD8D6A38BC1A207F331C5E374FD
                                                                                                SHA-512:06BA76E1F4C0EA4915C178CB81F42CE8ADDAC105EB38D6F2964C24742D323DB9845A2FF973B2D55730F258BF27EBC7BA5999F32E18811062D2128CF9976AA4AA
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NF50oZFcua0M3eW60SS7rw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\Zd5zLeP.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.273132273853106
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+0DsDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+LD+pAZewRDK4mW
                                                                                                MD5:E2A7719C04CC2BDD3E64797BD04EF7F4
                                                                                                SHA1:1353ACA2E4F3D0946F22D4F1F31AFA4B3C4EF605
                                                                                                SHA-256:54F4815D64D72C712DF2C37924587AD3183E6B2A7C206053088550CEB514ACCE
                                                                                                SHA-512:E73D10E2441142F87FFC9B3C3B677733E5CFFD12661BAA864C5F86006315778A43E8A246CF346A38E352588A93030B88ABA63144E89DD7C065CA33EA8AFD102A
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-oMCcOUgGSBrP9KFuLnQHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\e7EJH42.ini

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1652
                                                                                                Entropy (8bit):5.27180050937922
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:GgsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                MD5:D6A6E5EB2051A1048E37BEB6E036DD05
                                                                                                SHA1:AECD8E66FD297EE6479DB140A5BB8DB0931A3533
                                                                                                SHA-256:6A05AECDEBB986505A6C21C0110A824019CA49A15C3285C582EC60A79B3BC005
                                                                                                SHA-512:D20A7C78D51E14E93294B74A8C8FB0F6AB793A141014E6964FC2A01EA2310F514DCA7B23DF3294299652143311FF2EDBB6366F0EDD91F9C000FCBD4EF1252252
                                                                                                Malicious:false
                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NAfo3YejTi6Z1S2JvQymBA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                C:\Users\user\AppData\Local\Temp\~$RapmmPw9.xlsm

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):165
                                                                                                Entropy (8bit):1.7769794087092887
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                Malicious:false
                                                                                                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                C:\Users\user\AppData\Local\Temp\~DF136A820A2B95A2B1.TMP

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):3.746897789531007
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\Documents\CZQKSDDMWR\GLTYDMDUST.xlsm

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:Microsoft Excel 2007+
                                                                                                Category:dropped
                                                                                                Size (bytes):18387
                                                                                                Entropy (8bit):7.523057953697544
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                Malicious:false
                                                                                                Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                C:\Users\user\Documents\CZQKSDDMWR\~$GLTYDMDUST.xlsx

                                                                                                Download File
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):165
                                                                                                Entropy (8bit):1.7769794087092887
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                Malicious:false
                                                                                                Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                C:\Users\user\Documents\CZQKSDDMWR\~$cache1

                                                                                                Download File
                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):771584
                                                                                                Entropy (8bit):6.638013190381294
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: Machine-PO.exe, Detection: malicious, Browse
                                                                                                • Filename: 222.exe, Detection: malicious, Browse
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                C:\Windows\Installer\6b2d8f.msi

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 10:56:09 2012, Create Time/Date: Fri Sep 21 10:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 12:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0
                                                                                                Category:dropped
                                                                                                Size (bytes):1740800
                                                                                                Entropy (8bit):7.419100432352842
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:xERnsHyjtk2MYC5GDIhloJfAAR/sTEsiwg6gpWacS:knsmtk2aFhlZUETE9wg5
                                                                                                MD5:251EFF52580900A708BC33AA5AC20707
                                                                                                SHA1:FF2848350A329B3FD9D460E40D898962899E5B4D
                                                                                                SHA-256:0713F3F1C34297D9689FF5B5202C2F37E385109CE493005EB1128EC180D03AFD
                                                                                                SHA-512:F0D4501AF1D323347AAB94EB35C94980FDBADE725E7F3E061835CD322AE6333877FB6E0D0ECF73CDEBEAB40C4FDF1E9ACF0C6B5CE85AFD51D0A37DDCAF4C7D94
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\6b2d8f.msi, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\6b2d8f.msi, Author: Joe Security
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\MSI2F16.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):1716946
                                                                                                Entropy (8bit):7.459569422565693
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:7nsHyjtk2MYC5GDIhloJfAAR/sTEsiwg6gpWac5:7nsmtk2aFhlZUETE9wgm
                                                                                                MD5:2D9AE64BC656DB09C6F65885468D3B39
                                                                                                SHA1:BCF4D7E939A6EDBB0475D1F7C512E64175463CFD
                                                                                                SHA-256:B2F87A7DB51113E7FFE68677AD9D02527D40AE140DBC98406197EA20108B1327
                                                                                                SHA-512:BB0791163A1D51CE8064AD5332AD76B663B6DD759CAFC1FAAA9DA601C1034EABB6961FBCB91B6A7526F0AD642600B8086B617E3B8BAC8B7416EAC6947443F7C7
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSI2F16.tmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSI2F16.tmp, Author: Joe Security
                                                                                                Preview:...@IXOS.@.....@9,.Y.@.....@.....@.....@.....@.....@......&.{29EF7317-DCA1-4159-97B2-C883AD400AC6}..Exe to msi converter free..hoaiuy.msi.@.....@.....@.....@........&.{C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}.....@.....@.....@.....@.......@.....@.....@.......@......Exe to msi converter free......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4C231858-2B39-11D3-8E0D-00C04F6837D0}...@.......@.....@.....@........RemoveODBC..Removing ODBC components..T....@....T....@......%._B3D13F97_1369_417D_A477_B4C42B829328....J.%._B3D13F97_1369_417D_A477_B4C42B829328.@.......0..MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..............................

                                                                                                C:\Windows\Installer\MSI305F.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1716224
                                                                                                Entropy (8bit):7.459857526100218
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:cnsHyjtk2MYC5GDIhloJfAAR/sTEsiwg6gpWacS:cnsmtk2aFhlZUETE9wg5
                                                                                                MD5:6AE1479D38C7CB94C69B68D6F8678129
                                                                                                SHA1:0BE3ABAD5D5F32440715B33052CE7DF3059C5281
                                                                                                SHA-256:87E0B788C004B6A9C0796FC7D60C61F10070025440E34725D1519E6B76A99F1F
                                                                                                SHA-512:E55D621B2C49333CF980764C5D03C50D7CB9AF3742B4F7B6801240461C275988AC4E9815C9CCD8606364DE5D8EFD94C08F9DA6F6CB182955DDA3FF49A21D31E3
                                                                                                Malicious:true
                                                                                                Yara Hits:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSI305F.tmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSI305F.tmp, Author: Joe Security
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                C:\Windows\Installer\SourceHash{29EF7317-DCA1-4159-97B2-C883AD400AC6}

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.1624785881815038
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:JSbX72FjG4kJAGiLIlHVRpth/7777777777777777777777777vDHFVwTQ3QpSlN:J84kJQI5pIc3CF
                                                                                                MD5:A0640268456FD612839D669C3432CC4F
                                                                                                SHA1:A1EFC8C8BAC4BF508AAB4EA77420FC0A69259F4B
                                                                                                SHA-256:1CBB520DF923836D6AA75EDE687920D2E509DD0E1856F85C366FB0AE3202B740
                                                                                                SHA-512:8CACC2138EA3C99F06305B8256C857246333B2E46DC14217858982060E3E30B6FC0E6F611161C6DF7A09547134A3F16ABDC58FD3BC510B822EDA1A5E22AE825F
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.4230857811879027
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:xR8Ph6uRc06WXJ0FT5DJXk/pSzUMHESzfT8:mh613FTtJXk/pY3kYg
                                                                                                MD5:4F2252B2BACE3351B321DD3E7D47A8A5
                                                                                                SHA1:78DC4CC4305639B3F7BEE585DBD3C024F10B6C31
                                                                                                SHA-256:7C9B2A1CECFA2D5BE505FD11022354015FA9BA8D61FFD529A6EFF460A1AA2730
                                                                                                SHA-512:3B8409B2C07AD02629557A58D98181D62AAABD93BDBB9FE5BF437F721670A63EA09A228A9A930E717A4A74BEA4EEFAB167DDA9D92C360CE1653E40540CC1F843
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):360001
                                                                                                Entropy (8bit):5.362956066381502
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauH:zTtbmkExhMJCIpEe
                                                                                                MD5:D11BEA77DD2BF5103FE363F1CB1E3143
                                                                                                SHA1:F5A38ABA338019FADF827DAB9464812F000D2E2F
                                                                                                SHA-256:1806B941DDA580A954C2B8F3BE51F89E226DE95338BBD534A24A61E390DA0381
                                                                                                SHA-512:794A1FCF0CE82CAECC0FBAC43A32811E2C565356BB4C4270FA6D45CA15A9AB1832A57813065DAF4C0CF5415EE2D8D5BB8A35434FD43B41FF362ED9913A6014F6
                                                                                                Malicious:false
                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                C:\Windows\SysWOW64\._cache_MSI305F.tmp

                                                                                                Download File
                                                                                                Process:C:\Windows\Installer\MSI305F.tmp
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                Category:dropped
                                                                                                Size (bytes):944640
                                                                                                Entropy (8bit):7.852092187021306
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:fhloDX0XOf4mEAgu/sFFEGC+DQpUf1D5gSKN56gpt8pojcG:fhloJfAAR/sTEsiwg6gpWac
                                                                                                MD5:E759447D66AE14246646CF49367E7C49
                                                                                                SHA1:0CD114480C8CCED2B3F4C94FE8379E2A80C0159E
                                                                                                SHA-256:BFE82A1CAB90661D6074E52F9600E1940259BE463C0B4510AE065093BC9892A9
                                                                                                SHA-512:F3EE228C6BDBBCFCC9F827000C259DC8DCE9832B7F8BF02D2CEF1D3260DE235900FA05D62B53049F50FEA3FDA163F36D6D92D22965BE665420EC2FFC511254EA
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L.....fg.........."......P...0...P.......`........@.......................................@...@.......@.........................$.......................................................................H...........................................UPX0.....P..............................UPX1.....P...`...D..................@....rsrc....0......."...H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

                                                                                                C:\Windows\Temp\~DF42FBE25BC1D17198.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):0.06962794520593918
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO4ilwTQ3lltQVky6lS:2F0i8n0itFzDHFVwTQ3lrS
                                                                                                MD5:2E7081A21D3021891B97F72D31A6B44A
                                                                                                SHA1:2418E11B83B7CD72BA76F3A6FAB7F1D5E4CCB8DA
                                                                                                SHA-256:D3EBDE7831B78D343165AF534EC1F25C7E5F780151B9CC7B3AA70C32ABFA84F2
                                                                                                SHA-512:8BD055B7B2E17CE22D7244E44A03811098FE0CA8747596F8A8304113B7F57E2A65599D0B8CE9A6174F641ED0D91977B589D3C7473E178858973C0BE46ABCC693
                                                                                                Malicious:false
                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF61C5730B747E2B11.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF62771B30C9492E5B.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF7C4E65FEFA49EEFD.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.1504060824620672
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:BnLSuTpPveFXJpT5yJXk/pSzUMHESzfT8:FSKARTAJXk/pY3kYg
                                                                                                MD5:597DBC866D981E3310FAD42BE5E6A6EB
                                                                                                SHA1:740B3BA5E0C07F922D048F02C60A6EB35BCDC430
                                                                                                SHA-256:1B9D3B10FAEBC41C5D220047C3BFEA2A469DE7AEE20350A9CD926E6633015D83
                                                                                                SHA-512:C264E69B9F076433DA03C72CD786C09685EBBA833EBADA204076CEBA9181781498F1BB6A2BFFB1B8AD9B51FF27B2861677D1139CBDD22F459CF5784762867218
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DF836F235BB358850C.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFA11A8620308A8544.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.4230857811879027
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:xR8Ph6uRc06WXJ0FT5DJXk/pSzUMHESzfT8:mh613FTtJXk/pY3kYg
                                                                                                MD5:4F2252B2BACE3351B321DD3E7D47A8A5
                                                                                                SHA1:78DC4CC4305639B3F7BEE585DBD3C024F10B6C31
                                                                                                SHA-256:7C9B2A1CECFA2D5BE505FD11022354015FA9BA8D61FFD529A6EFF460A1AA2730
                                                                                                SHA-512:3B8409B2C07AD02629557A58D98181D62AAABD93BDBB9FE5BF437F721670A63EA09A228A9A930E717A4A74BEA4EEFAB167DDA9D92C360CE1653E40540CC1F843
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFB26A16713E980971.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFBB54040F23AB3210.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):69632
                                                                                                Entropy (8bit):0.08785303725641873
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:ZPpEvb+ipVJ+dipVJ+ZVqewGIrk4n2+whXF:fET+Sz4SzUMHpn2Fz
                                                                                                MD5:2CF3226B7443BE5946F912C431F94D4A
                                                                                                SHA1:29EF0A030FFBFFBA05ABDA8FD795987EAB63A399
                                                                                                SHA-256:9AF1A1D7C3C85465AF2E915E16343FE45BEFB4D132A46D7CB7045BC53F2D3F57
                                                                                                SHA-512:281A6A01D31EF21F74078849EF10F37D04B26704BA94CCD458B6E1C637777969C7628949DAFB241D376E5494A919F6EA610F73BFEE4A77ED87712476303EC2C4
                                                                                                Malicious:false
                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFCABE7AF79F39893C.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.1504060824620672
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:BnLSuTpPveFXJpT5yJXk/pSzUMHESzfT8:FSKARTAJXk/pY3kYg
                                                                                                MD5:597DBC866D981E3310FAD42BE5E6A6EB
                                                                                                SHA1:740B3BA5E0C07F922D048F02C60A6EB35BCDC430
                                                                                                SHA-256:1B9D3B10FAEBC41C5D220047C3BFEA2A469DE7AEE20350A9CD926E6633015D83
                                                                                                SHA-512:C264E69B9F076433DA03C72CD786C09685EBBA833EBADA204076CEBA9181781498F1BB6A2BFFB1B8AD9B51FF27B2861677D1139CBDD22F459CF5784762867218
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFE6FE563FEC8F8C81.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.4230857811879027
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:xR8Ph6uRc06WXJ0FT5DJXk/pSzUMHESzfT8:mh613FTtJXk/pY3kYg
                                                                                                MD5:4F2252B2BACE3351B321DD3E7D47A8A5
                                                                                                SHA1:78DC4CC4305639B3F7BEE585DBD3C024F10B6C31
                                                                                                SHA-256:7C9B2A1CECFA2D5BE505FD11022354015FA9BA8D61FFD529A6EFF460A1AA2730
                                                                                                SHA-512:3B8409B2C07AD02629557A58D98181D62AAABD93BDBB9FE5BF437F721670A63EA09A228A9A930E717A4A74BEA4EEFAB167DDA9D92C360CE1653E40540CC1F843
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFEE2EF74238AFF456.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.1504060824620672
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:BnLSuTpPveFXJpT5yJXk/pSzUMHESzfT8:FSKARTAJXk/pY3kYg
                                                                                                MD5:597DBC866D981E3310FAD42BE5E6A6EB
                                                                                                SHA1:740B3BA5E0C07F922D048F02C60A6EB35BCDC430
                                                                                                SHA-256:1B9D3B10FAEBC41C5D220047C3BFEA2A469DE7AEE20350A9CD926E6633015D83
                                                                                                SHA-512:C264E69B9F076433DA03C72CD786C09685EBBA833EBADA204076CEBA9181781498F1BB6A2BFFB1B8AD9B51FF27B2861677D1139CBDD22F459CF5784762867218
                                                                                                Malicious:false
                                                                                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\Temp\~DFF2D3B43C9276A7B7.TMP

                                                                                                Download File
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                Category:dropped
                                                                                                Size (bytes):1835008
                                                                                                Entropy (8bit):4.416727979038759
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:Pcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNQ5+:0i58oSWIZBk2MM6AFBWo
                                                                                                MD5:552284CEC48303E633D9321C6EC7D579
                                                                                                SHA1:DA1E05EDA590C8234437E3D3EFA79516A5F95C4F
                                                                                                SHA-256:EBED9890F700A357BC775F475324128AD8E5D6CEEDB711250610B64E3720EA02
                                                                                                SHA-512:060380FCBF70989311FA780E2742E97C03BF16593F65B2FB899D7E134A19A8DEC581800547F679648458C2F7B3BE8D9315A6EB0DFE67A176CF61EF4F4734ED41
                                                                                                Malicious:false
                                                                                                Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmzk.[.Z..............................................................................................................................................................................................................................................................................................................................................z..o........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 10:56:09 2012, Create Time/Date: Fri Sep 21 10:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 12:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0
                                                                                                Entropy (8bit):7.419100432352842
                                                                                                TrID:
                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                File name:hoaiuy.msi
                                                                                                File size:1'740'800 bytes
                                                                                                MD5:251eff52580900a708bc33aa5ac20707
                                                                                                SHA1:ff2848350a329b3fd9d460e40d898962899e5b4d
                                                                                                SHA256:0713f3f1c34297d9689ff5b5202c2f37e385109ce493005eb1128ec180d03afd
                                                                                                SHA512:f0d4501af1d323347aab94eb35c94980fdbade725e7f3e061835cd322ae6333877fb6e0d0ecf73cdebeab40c4fdf1e9acf0c6b5ce85afd51d0a37ddcaf4c7d94
                                                                                                SSDEEP:49152:xERnsHyjtk2MYC5GDIhloJfAAR/sTEsiwg6gpWacS:knsmtk2aFhlZUETE9wg5
                                                                                                TLSH:8D85C0B2B3818436D173563C8C7B93A75437BE592D38690E3AE57F0E6E3A34228161D7
                                                                                                File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                File Icon

                                                                                                Icon Hash:2d2e3797b32b2b99

                                                                                                Network Behavior

                                                                                                Suricata IDS Alerts

                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                2024-12-30T11:34:02.304724+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749714142.250.186.110443TCP
                                                                                                2024-12-30T11:34:02.314331+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749715142.250.186.110443TCP
                                                                                                2024-12-30T11:34:03.154406+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.74972269.42.215.25280TCP
                                                                                                2024-12-30T11:34:03.270924+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749728142.250.186.110443TCP
                                                                                                2024-12-30T11:34:03.296124+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749731142.250.186.110443TCP
                                                                                                2024-12-30T11:34:05.282927+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749742142.250.186.110443TCP
                                                                                                2024-12-30T11:34:05.300123+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749743142.250.186.110443TCP
                                                                                                2024-12-30T11:34:06.251239+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749754142.250.186.110443TCP
                                                                                                2024-12-30T11:34:06.277349+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749755142.250.186.110443TCP
                                                                                                2024-12-30T11:34:07.255213+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749770142.250.186.110443TCP
                                                                                                2024-12-30T11:34:07.291572+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749771142.250.186.110443TCP
                                                                                                2024-12-30T11:34:08.312572+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749778142.250.186.110443TCP
                                                                                                2024-12-30T11:34:08.312677+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749777142.250.186.110443TCP
                                                                                                2024-12-30T11:34:09.280685+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749791142.250.186.110443TCP
                                                                                                2024-12-30T11:34:09.284700+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749792142.250.186.110443TCP
                                                                                                2024-12-30T11:34:10.264620+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749800142.250.186.110443TCP
                                                                                                2024-12-30T11:34:10.332750+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749803142.250.186.110443TCP

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Dec 30, 2024 11:34:01.307163954 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.307214022 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.307286978 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.312618017 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.312654972 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.312714100 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.317553997 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.317565918 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.317641973 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.317656994 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.929615021 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.929786921 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.930458069 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.930659056 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.935741901 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.935945988 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:01.936523914 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:01.936625957 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.008352041 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.008352995 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.008375883 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.008380890 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.008704901 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.008709908 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.008799076 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.008801937 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.012208939 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.013684988 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.055336952 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.055341005 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.171396971 CET4972280192.168.2.769.42.215.252
                                                                                                Dec 30, 2024 11:34:02.176193953 CET804972269.42.215.252192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.176290989 CET4972280192.168.2.769.42.215.252
                                                                                                Dec 30, 2024 11:34:02.176677942 CET4972280192.168.2.769.42.215.252
                                                                                                Dec 30, 2024 11:34:02.181548119 CET804972269.42.215.252192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.304714918 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.304922104 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.304939985 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.304963112 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.305087090 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.305087090 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.305641890 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.305676937 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.305859089 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.306123972 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.306137085 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.314343929 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.314604044 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.314616919 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.314924955 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.315274954 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.315321922 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.315443039 CET44349715142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.315506935 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.315506935 CET49715443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.316162109 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.316164017 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.316190958 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.316195011 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.316456079 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.316485882 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.316499949 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.316504002 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.316612959 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.317159891 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.317159891 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.317183971 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.317184925 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.317495108 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.317504883 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.607336998 CET49714443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.607362032 CET44349714142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.905633926 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.905914068 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.907867908 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.907876968 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.910274029 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.910283089 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.926136017 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.926213980 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.939172029 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.939179897 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.941183090 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:02.941188097 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.951529980 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.951618910 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.952321053 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.952395916 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.956187010 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.956201077 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.956446886 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.956619978 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.956944942 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.979820967 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.979841948 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.980180025 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.980242014 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:02.980776072 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.003321886 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.023333073 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.152683020 CET804972269.42.215.252192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.154406071 CET4972280192.168.2.769.42.215.252
                                                                                                Dec 30, 2024 11:34:03.270926952 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.272671938 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.272752047 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:03.296128988 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.296211004 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:03.296220064 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.296261072 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:03.297131062 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.297178984 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.297223091 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:03.362700939 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.362760067 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.362837076 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.362867117 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.362906933 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.363065958 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.363106012 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.363121986 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.363159895 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.515367031 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.515424967 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.515491962 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.515508890 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.515649080 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:03.515695095 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:03.653016090 CET49731443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:03.653048992 CET44349731142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.296979904 CET49728443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.297010899 CET44349728142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.298144102 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.298186064 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.298252106 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.299515963 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.299535036 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.301403999 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.301441908 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.301522970 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.302048922 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.302062988 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.304642916 CET49729443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.304675102 CET44349729216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.304759979 CET49730443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.304794073 CET44349730216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.305906057 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.305947065 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.306029081 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.306298018 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.306312084 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.306530952 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.306554079 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.306606054 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.341267109 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.341298103 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.909646034 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.909723043 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.910437107 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.910445929 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.912708998 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.912714958 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.914731026 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.914794922 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.915096045 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.915102959 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.917418003 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.917422056 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.920383930 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.920690060 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.921166897 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.921170950 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.923365116 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:04.923371077 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.940188885 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.940247059 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.940577030 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.940588951 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:04.942383051 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:04.942392111 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.282932043 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.283009052 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.283041954 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.283119917 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.283176899 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.283219099 CET44349742142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.283297062 CET49742443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.283782005 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.283843040 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.284043074 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.284259081 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.284277916 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.300138950 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.300211906 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.300335884 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.300386906 CET44349743142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.300440073 CET49743443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.300872087 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.300906897 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.300977945 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.301193953 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.301207066 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.334995031 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.335042000 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.335097075 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.335122108 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.335139990 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.335161924 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.335189104 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.336018085 CET49744443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.336036921 CET44349744216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.336481094 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.336498022 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.336565018 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.336807013 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.336815119 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484009981 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484062910 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484071970 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484081030 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484102964 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484142065 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484146118 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484180927 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.484190941 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484217882 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484957933 CET49745443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.484972000 CET44349745216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.485558987 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.485584021 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.485671043 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.485893965 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.485904932 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.880333900 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.880415916 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.881108046 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.881166935 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.891372919 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.891413927 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.891685009 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.891761065 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.892240047 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.903115988 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.903183937 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.904011965 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.904073000 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.908262968 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.908273935 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.908610106 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.908735991 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.909168005 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:05.939371109 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.951333046 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.962970972 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.963033915 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.963637114 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.963646889 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:05.963946104 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:05.963952065 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.087536097 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.087846041 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.088361025 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.088366985 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.088548899 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.088553905 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.251239061 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.251425028 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.251461983 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.251509905 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.251590014 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.251638889 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.251780987 CET44349754142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.251830101 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.251844883 CET49754443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.252186060 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.252217054 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.252479076 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.252763033 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.252779961 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.277368069 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.277430058 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.277473927 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.277518988 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.277714014 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.277770042 CET44349755142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.277836084 CET49755443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.278337002 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.278374910 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.278464079 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.278789043 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.278801918 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.448996067 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.449053049 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.449063063 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.449090958 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.449107885 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.449142933 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.449147940 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.449157953 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.449181080 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.449201107 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.461348057 CET49757443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.461376905 CET44349757216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.462508917 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.462560892 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.462626934 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.463424921 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.463449001 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504044056 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504105091 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504132986 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.504163027 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504182100 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.504208088 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.504215002 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504241943 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.504287958 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.505687952 CET49762443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.505709887 CET44349762216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.507035017 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.507081985 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.507152081 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.507967949 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:06.507986069 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.861816883 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.861890078 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.862603903 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.862652063 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.907351017 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.907426119 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.908113003 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.908170938 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.955367088 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.955408096 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.955787897 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.955848932 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.967057943 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.969161987 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.969187975 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.969575882 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:06.970129967 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:06.970491886 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.011337042 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.011342049 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.082449913 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.082576036 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.116425037 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.118433952 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.255219936 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.255712032 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.255752087 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.255796909 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.256037951 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.256082058 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.256124020 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.291580915 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.292618036 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.292731047 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.321700096 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.321732998 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.322701931 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.322738886 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.323724985 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.323731899 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.324626923 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.324635983 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.349607944 CET49770443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.349661112 CET44349770142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.358547926 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.358578920 CET44349777142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.358637094 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.362350941 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.362370014 CET44349777142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.634928942 CET49771443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.634964943 CET44349771142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.636203051 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.636229038 CET44349778142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.636297941 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.640779018 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.640791893 CET44349778142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805713892 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805768967 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805778027 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.805811882 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805828094 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.805871010 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.805877924 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805887938 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.805910110 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.805933952 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809221983 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809282064 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809284925 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809319019 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809336901 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809366941 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809372902 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809412003 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809607983 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809647083 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.809657097 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.809701920 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.827718019 CET49772443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.827747107 CET44349772216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.835551977 CET49783443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.835592031 CET44349783216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.835655928 CET49783443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.839425087 CET49773443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.839447021 CET44349773216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.839792967 CET49784443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.839832067 CET44349784216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.840173960 CET49784443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.841545105 CET49784443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.841558933 CET44349784216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.891845942 CET49783443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:07.891881943 CET44349783216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.961199999 CET44349777142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.961265087 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.961816072 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.961827993 CET44349777142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.962002993 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:07.962008953 CET44349777142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.267493010 CET44349778142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.267564058 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.268172979 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.268182993 CET44349778142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.268400908 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.268404961 CET44349778142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.312262058 CET49784443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:08.312278032 CET49783443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:08.312305927 CET49777443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.312319040 CET49778443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.313268900 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.313309908 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.313380957 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.313626051 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.313663006 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.313716888 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.315279007 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.315296888 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.315511942 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.315531015 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.914161921 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.914315939 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.914829969 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.914839983 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.916603088 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.916610956 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.917114019 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.917284966 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.917567968 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.917578936 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:08.917778015 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:08.917783022 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.280684948 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.280831099 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.280895948 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.281152010 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.281152010 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.281212091 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.281383038 CET44349791142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.281394005 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.281718969 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.281749964 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.281778097 CET49791443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.281819105 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.282268047 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.282282114 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.283245087 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.283268929 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.283368111 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.283610106 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.283622980 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.284724951 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.284823895 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.284871101 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.284926891 CET44349792142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.285032034 CET49792443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.285418034 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.285470963 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.285499096 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.285537958 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.285542011 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.285712957 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.285942078 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.285953999 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.286108971 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.286124945 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.883419991 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.883477926 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.891532898 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.891642094 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.891906977 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.891968012 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.892324924 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.892389059 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.903549910 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.903573990 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.903886080 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.903928995 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.919619083 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.949834108 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.949855089 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.950198889 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.950252056 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.951796055 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.959161043 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.959182024 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.959502935 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.959583044 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.960129023 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:09.963323116 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.967864990 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.967937946 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.968600988 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.968662977 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.971395969 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.971407890 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.971647024 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:09.971878052 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.972357035 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:09.995332956 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.007329941 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.019365072 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.264627934 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.264689922 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.264710903 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.264749050 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.265731096 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.265784025 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.265808105 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.265831947 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.289071083 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.289112091 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.289150000 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.289177895 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.289194107 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.289220095 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.289226055 CET44349801216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.289268017 CET49801443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.332797050 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.332895041 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.332927942 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.332997084 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.334673882 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.334726095 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.334743977 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.334790945 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:10.450217009 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.450268984 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.450341940 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.450361013 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.450393915 CET44349802216.58.206.65192.168.2.7
                                                                                                Dec 30, 2024 11:34:10.450404882 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:10.450433016 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:19.900993109 CET49803443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:19.901036978 CET44349803142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:19.901612043 CET49800443192.168.2.7142.250.186.110
                                                                                                Dec 30, 2024 11:34:19.901633024 CET44349800142.250.186.110192.168.2.7
                                                                                                Dec 30, 2024 11:34:20.902971029 CET4972280192.168.2.769.42.215.252
                                                                                                Dec 30, 2024 11:34:20.902976990 CET49802443192.168.2.7216.58.206.65
                                                                                                Dec 30, 2024 11:34:20.903039932 CET49801443192.168.2.7216.58.206.65

                                                                                                UDP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Dec 30, 2024 11:34:01.269495964 CET6324753192.168.2.71.1.1.1
                                                                                                Dec 30, 2024 11:34:01.279633045 CET53632471.1.1.1192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.132359982 CET5951653192.168.2.71.1.1.1
                                                                                                Dec 30, 2024 11:34:02.139790058 CET53595161.1.1.1192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.162463903 CET6061053192.168.2.71.1.1.1
                                                                                                Dec 30, 2024 11:34:02.169588089 CET53606101.1.1.1192.168.2.7
                                                                                                Dec 30, 2024 11:34:02.307570934 CET5030253192.168.2.71.1.1.1
                                                                                                Dec 30, 2024 11:34:02.314568996 CET53503021.1.1.1192.168.2.7
                                                                                                Dec 30, 2024 11:34:07.766102076 CET6476553192.168.2.71.1.1.1
                                                                                                Dec 30, 2024 11:34:07.773931026 CET53647651.1.1.1192.168.2.7
                                                                                                Dec 30, 2024 11:34:41.630024910 CET5363966162.159.36.2192.168.2.7
                                                                                                Dec 30, 2024 11:34:42.083277941 CET53591751.1.1.1192.168.2.7

                                                                                                DNS Queries

                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                Dec 30, 2024 11:34:01.269495964 CET192.168.2.71.1.1.10x3e30Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.132359982 CET192.168.2.71.1.1.10x280fStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.162463903 CET192.168.2.71.1.1.10xd2bfStandard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.307570934 CET192.168.2.71.1.1.10x8444Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:07.766102076 CET192.168.2.71.1.1.10x584dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false

                                                                                                DNS Answers

                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                Dec 30, 2024 11:33:59.209574938 CET1.1.1.1192.168.2.70xb1f6No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Dec 30, 2024 11:33:59.209574938 CET1.1.1.1192.168.2.70xb1f6No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:01.279633045 CET1.1.1.1192.168.2.70x3e30No error (0)docs.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.139790058 CET1.1.1.1192.168.2.70x280fName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.169588089 CET1.1.1.1192.168.2.70xd2bfNo error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:02.314568996 CET1.1.1.1192.168.2.70x8444No error (0)drive.usercontent.google.com216.58.206.65A (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:34:07.773931026 CET1.1.1.1192.168.2.70x584dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                Dec 30, 2024 11:35:04.083066940 CET1.1.1.1192.168.2.70x9714No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Dec 30, 2024 11:35:04.083066940 CET1.1.1.1192.168.2.70x9714No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

                                                                                                HTTP Request Dependency Graph

                                                                                                • docs.google.com
                                                                                                • drive.usercontent.google.com
                                                                                                • freedns.afraid.org

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.74972269.42.215.252807120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Dec 30, 2024 11:34:02.176677942 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                User-Agent: MyApp
                                                                                                Host: freedns.afraid.org
                                                                                                Cache-Control: no-cache
                                                                                                Dec 30, 2024 11:34:03.152683020 CET243INHTTP/1.1 200 OK
                                                                                                Server: nginx
                                                                                                Date: Mon, 30 Dec 2024 10:34:03 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: keep-alive
                                                                                                Vary: Accept-Encoding
                                                                                                X-Cache: MISS
                                                                                                Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                HTTPS Proxied Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.749715142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:02 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-A7JcGFLsUppKmaDXdfc-zA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749714142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:02 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-NCTCeQcnqVNQWGUFfq-VTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749728142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:03 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-V6Me8UcYLErTUbJVA4zrOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749731142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:03 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-l8_f7jeCCY7KpZBMegM2-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749730216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-30 10:34:03 UTC1594INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC5OYZsxUUmhhCcVeF2R-HvYF9sMGhJTk2AFUUgrzIKWlAfgy40TiCCDHnE3cuCcoyfp
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:03 GMT
                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-e5Hxq8mn8WJ6xt-ax5uJ0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Set-Cookie: NID=520=JblG2P3oDL03N4yzQwrFCO6k8b2Iz7JnusK-p3nqRfgfkzBiATbBqrs1Ex2TPSdGclyejFtBRngYdhVptvu0sf0IdIwu4XCzMWzlZsZQDHGM0lph6Mol-f5pDF2Vxu-BF_b1UjOnyL4qoR92CTkEE9RAowFIB5u8Op0nrNRNaGkj3ZRQ1gRMnS0; expires=Tue, 01-Jul-2025 10:34:03 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:03 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 47 62 65 5f 47 46 5a 51 33 38 55 56 46 53 47 38 32 79 37 57 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mGbe_GFZQ38UVFSG82y7WQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                2024-12-30 10:34:03 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.749729216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                2024-12-30 10:34:03 UTC1594INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC7rL9iz_NbFvmt1wgpTdxU95TyXrWITsz5S45l0iMzMR8aZlDQ6xLs7LuSqs_YBGusN
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:03 GMT
                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-XO2vpFTThq1lAQFMaUsYGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Set-Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM; expires=Tue, 01-Jul-2025 10:34:03 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:03 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 47 4f 57 41 54 63 76 52 6b 6c 56 49 43 57 7a 46 50 62 45 45 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yGOWATcvRklVICWzFPbEEg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                2024-12-30 10:34:03 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749742142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:05 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-PcirtFxnp7POjsIV-NT46w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749744216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC7RAAw0mlLzPqc6Pp9a5seYr0j7gKHT-s5sthqDvB-I8MNERA4FmdWR9AMZWLLx_0xJ
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:05 GMT
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-nw4gizUxbOyiEZzPuaX0iQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                2024-12-30 10:34:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 6f 4d 43 63 4f 55 67 47 53 42 72 50 39 4b 46 75 4c 6e 51 48 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                Data Ascii: t Found)!!1</title><style nonce="-oMCcOUgGSBrP9KFuLnQHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                2024-12-30 10:34:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.749743142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:05 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-2fO0RGLiJ2ZRY_b9ADTT_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.749745216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC6UmuDTxPNtGPD0ZeINl2bS5gwElLcAvzsoefDT8ZDgucbt252nq-Zj9KlnTlDz6_Jv
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:05 GMT
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-WDeeuwiJfwZ2XJAtEf6CDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                2024-12-30 10:34:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 41 66 6f 33 59 65 6a 54 69 36 5a 31 53 32 4a 76 51 79 6d 42 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                Data Ascii: t Found)!!1</title><style nonce="NAfo3YejTi6Z1S2JvQymBA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                2024-12-30 10:34:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                10192.168.2.749754142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:06 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3B_xlloSbhbbSFxKvgy4HQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                11192.168.2.749755142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:06 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-eXfi1-wqyiRtKk9NGvIuJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                12192.168.2.749757216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:05 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:06 UTC1250INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC63bX1kwI6XAu3dcomZSsixQgvRDxxY9qQICByif2oWk679tZo29ZcYfnFosXHDMxP5ZV5nOTU
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:06 GMT
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DY0Q0wl0uCXvgCf-pFSAMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:06 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                2024-12-30 10:34:06 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 45 4c 6e 62 75 39 4b 41 6d 4c 68 55 34 4c 56 7a 49 64 30 61 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="UELnbu9KAmLhU4LVzId0aQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                2024-12-30 10:34:06 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                13192.168.2.749762216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:06 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:06 UTC1243INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC6XyaAZqxT60dvOc6DWGz93lM3lYOat_PsWV4ASE5jT9lNJVaZj3tfJ3IqjwajV1bhp
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:06 GMT
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DnVPaQCmtrBi9MTbxBcDVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:06 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                2024-12-30 10:34:06 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 35 33 64 33 4a 4f 44 6e 42 62 30 57 6a 35 77 30 50 58 6d 6e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                Data Ascii: t Found)!!1</title><style nonce="E53d3JODnBb0Wj5w0PXmnA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                2024-12-30 10:34:06 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                14192.168.2.749770142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:07 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-IcfFD27TuMFSF449Ajm2dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                15192.168.2.749771142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:07 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-PQ-CiMSzqYJBJQooptArYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                16192.168.2.749772216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:07 UTC1250INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC52bjcwT55uh_hd1CO7bBJb04UeQyE9wXOGKXHnjuA7_mh58U8bnl8Z41DtbwXr5H3uBLGXrlc
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:07 GMT
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ExTdA9Q5ahMn1bDHaMUNEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:07 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                2024-12-30 10:34:07 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 46 35 30 6f 5a 46 63 75 61 30 4d 33 65 57 36 30 53 53 37 72 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="NF50oZFcua0M3eW60SS7rw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                2024-12-30 10:34:07 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                17192.168.2.749773216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:07 UTC1243INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC5Twsg3DK3LFQgWw4OOOeC_pmFgX7VMmiaAST2-UKwkySrIXiODlkXfZuZr_iHHZAZw
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:07 GMT
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-rMCgTBd9sMWSW24zyMg0mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:07 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                2024-12-30 10:34:07 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 35 54 56 44 79 45 67 5a 64 50 64 79 6c 78 67 7a 76 6b 73 52 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                Data Ascii: t Found)!!1</title><style nonce="n5TVDyEgZdPdylxgzvksRw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                2024-12-30 10:34:07 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                18192.168.2.749777142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:07 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                19192.168.2.749778142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                20192.168.2.749792142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:09 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3b6_O7eGHD54W2jYUwTIIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                21192.168.2.749791142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:09 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-AEEwOiPFQnvyW5xhKDtosg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                22192.168.2.749801216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:10 UTC1243INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC6wDPId7diy6EKGzgiVb3DjO_YnoOlpaHKxLZkp222F3RHKLbsiERUCKWtMuS35VJee
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:10 GMT
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-QeKnXK2-gM3Nd6TcYK64KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:10 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                2024-12-30 10:34:10 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 37 63 4f 48 65 47 67 75 71 58 63 61 53 51 5a 46 50 74 49 64 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                Data Ascii: t Found)!!1</title><style nonce="Y7cOHeGguqXcaSQZFPtIdg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                2024-12-30 10:34:10 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                23192.168.2.749800142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:09 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:10 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MPJVueyOn7tD6wJ_TDXijg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                24192.168.2.749802216.58.206.654437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.usercontent.google.com
                                                                                                Connection: Keep-Alive
                                                                                                Cookie: NID=520=qYWmxfgs_mHy3-I7WcIn6cQJXQT6DFyAKOkcaMh4ug6oKnqfJha4e_clsMsjWfDeN0jdr0vAxcXRAsmPegRtUYP5R8ecv2fqS6hQ1mnFuVBNPx1oMxXOIraFKviJrzOFFDfj-mJfDPbMWcqJlH-xYvPHV4A2ZAnFB22ucQpn1b-fdEayylfS3gM
                                                                                                2024-12-30 10:34:10 UTC1250INHTTP/1.1 404 Not Found
                                                                                                X-GUploader-UploadID: AFiumC5HAZ5612s1TTwJ2ZNPKySR1E-A5cBwTOrO0yjW1agva19ifbK4l0dS6I2C-7tKu_j2D9YcDUU
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:10 GMT
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fkbuH5UabYG-N_cS5LUhdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Content-Length: 1652
                                                                                                Server: UploadServer
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                Connection: close
                                                                                                2024-12-30 10:34:10 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                2024-12-30 10:34:10 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 73 73 65 75 42 69 2d 71 56 34 77 4f 6f 47 4c 46 69 68 75 36 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                Data Ascii: 404 (Not Found)!!1</title><style nonce="ysseuBi-qV4wOoGLFihu6g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                2024-12-30 10:34:10 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                25192.168.2.749803142.250.186.1104437120C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-12-30 10:34:09 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                User-Agent: Synaptics.exe
                                                                                                Host: docs.google.com
                                                                                                Cache-Control: no-cache
                                                                                                2024-12-30 10:34:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                Content-Type: application/binary
                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                Date: Mon, 30 Dec 2024 10:34:10 GMT
                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-lJL03PJuafcWgCUtqFOL2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                Server: ESF
                                                                                                Content-Length: 0
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:05:33:48
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\hoaiuy.msi"
                                                                                                Imagebase:0x7ff78a3f0000
                                                                                                File size:69'632 bytes
                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:2
                                                                                                Start time:05:33:49
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                Imagebase:0x7ff78a3f0000
                                                                                                File size:69'632 bytes
                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:7
                                                                                                Start time:05:33:50
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Windows\Installer\MSI305F.tmp
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\Installer\MSI305F.tmp"
                                                                                                Imagebase:0x400000
                                                                                                File size:1'716'224 bytes
                                                                                                MD5 hash:6AE1479D38C7CB94C69B68D6F8678129
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000007.00000000.1268745276.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSI305F.tmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSI305F.tmp, Author: Joe Security
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Avira
                                                                                                • Detection: 100%, Avira
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                • Detection: 92%, ReversingLabs
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:9
                                                                                                Start time:05:33:52
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                Imagebase:0x400000
                                                                                                File size:771'584 bytes
                                                                                                MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:Borland Delphi
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Avira
                                                                                                • Detection: 100%, Avira
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                • Detection: 92%, ReversingLabs
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:10
                                                                                                Start time:05:33:52
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                Imagebase:0x10000
                                                                                                File size:53'161'064 bytes
                                                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:16
                                                                                                Start time:05:34:02
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                Imagebase:0x400000
                                                                                                File size:771'584 bytes
                                                                                                MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:Borland Delphi
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:21
                                                                                                Start time:05:34:08
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4052
                                                                                                Imagebase:0xda0000
                                                                                                File size:483'680 bytes
                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:22
                                                                                                Start time:05:34:08
                                                                                                Start date:30/12/2024
                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 4080
                                                                                                Imagebase:0xda0000
                                                                                                File size:483'680 bytes
                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Disassembly

                                                                                                No disassembly